You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-75

Mozilla Foundation Security Advisory 2012-75

Title: select element persistance allows for attacks
Impact: Critical
Announced: October 9, 2012
Reporter: David Bloom
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 16
  Thunderbird 16
  SeaMonkey 2.13

Description

Security researcher David Bloom of Cue discovered that <select> elements are always-on-top chromeless windows and that navigation away from a page with an active <select> menu does not remove this window.When another menu is opened programmatically on a new page, the original <select> menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

References