Mozilla/Firefox User Interface Spoofing Network Vulnerability

Summary

The remote host is using Mozilla and/or Firefox, an alternative web browser. This web browser supports the XUL (XML User Interface Language), a language designed to manipulate the user interface of the browser itself. Since XUL gives the full control of the browser GUI to the visited websites, an attacker may use it to spoof a third party website and therefore pretend that the URL and Certificates of the website are legitimate. In addition to this, the remote version of this browser is vulnerable to a flaw which may allow a malicious web site to spoof security properties such as SSL certificates and URIs.

Solution

None at this time

References

http://www.nd.edu/~jsmith30/xul/test/spoof.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0763, CVE-2004-0764
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SMB Registry : XP Service Pack version
MS Internet Explorer 'VBScript' Remote Code Execution Vulnerability
Webroot SpySweeper Enterprise Check
Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability (Win)
Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability

Mozilla/Firefox user interface spoofing

Take action and discover your vulnerabilities