Mozilla Foundation Security Advisory 2007-17
XUL Popup Spoofing
- Announced
- May 30, 2007
- Reporter
- Chris Thomas
- Impact
- Low
- Products
- Firefox, SeaMonkey
- Fixed in
-
- Firefox 1.5.0.12
- Firefox 2.0.0.4
- SeaMonkey 1.0.9
- SeaMonkey 1.1.2
Description
Chris Thomas demonstrated that XUL popups opened
by web content could be placed outside the boundaries of the content
area. This could be used to spoof or hide parts of the browser chrome such
as the location bar.
References