Mozilla

Mozilla

Mozilla Foundation Security Advisory 2012-45

Spoofing issue with location

Announced
July 17, 2012
Reporter
Mariusz Mlynski
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 14
  • Firefox ESR 10.0.6
  • SeaMonkey 2.11
  • Thunderbird 14
  • Thunderbird ESR 10.0.6

Description

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user to input form or other data on the newer, attacking, site while appearing to be on the older, displayed site.

References