Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2007-20

Frame spoofing while window is loading

Announced
July 17, 2007
Reporter
Ronen Zilberman and Michal Zalewski
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.5
  • SeaMonkey 1.1.3

Description

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading.

References