Mozilla Foundation Security Advisory 2010-83

Location bar SSL spoofing using network error page

Announced
December 9, 2010
Reporter
Michal Zalewski
Impact
High
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.16
  • Firefox 3.6.13
  • SeaMonkey 2.0.11

Description

Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar and trick a user into thinking they were on a different site than they actually were.

References