• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple Mac OSX Content Spoofing Vulnerability

Browsers based on the Gecko engine are reported prone to a content spoofing vulnerability when they are running on the Apple Mac OS X platform. It is reported that the vulnerability occurs when the browser is configured to employ 'Tabbed Browsing' functionality.

In essence, an XPCOM plug-in that is invoked in one tab will be drawn into the environment of alternate tabs that are open in the same browser window.

This vulnerability may be eexploited to spoof content and to aid in phishing style attacks.