• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability

Solution:
Mozilla has released version 1.0.1 of Firefox to address this, and other issues:

RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.

Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:

For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"

For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"

Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"

Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"

Red Hat has released advisory RHSA-2005:384-11 and fixes to address this
and other issues on Red Hat Linux Enterprise platforms. Customers who are
affected are advised to apply the appropriate updates. Customers
subscribed to the Red Hat Network may apply the appropriate fixes using
the Red Hat Update Agent (up2date). Please see the referenced advisory for
additional information.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.


Mozilla Firefox 1.0

• Mozilla firefox-1.0.1-source.tar.bz2
  http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.1/source/f irefox-1.0.1-source.tar.bz2