You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-45

Mozilla Foundation Security Advisory 2012-45

Title: Spoofing issue with location
Impact: High
Announced: July 17, 2012
Reporter: Mariusz Mlynski
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 14
  Firefox ESR 10.0.6
  Thunderbird 14
  Thunderbird ESR 10.0.6
  SeaMonkey 2.11

Description

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user to input form or other data on the newer, attacking, site while appearing to be on the older, displayed site.

References