Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/12188
http://www.kb.cert.org/vuls/id/262350
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/10832
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
Source: MITRE
Published: 2004-08-18
Updated: 2017-10-11
Type: NVD-CWE-Other
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH