You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-37

Mozilla Foundation Security Advisory 2013-37

Title: Bypass of tab-modal dialog origin disclosure
Impact: Moderate
Announced: April 2, 2013
Reporter: shutdown
Products: Firefox, SeaMonkey

Fixed in: Firefox 20.0
  SeaMonkey 2.17

Description

Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site.

References