Description

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://bugzilla.mozilla.org/show_bug.cgi?id=244965

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://secunia.com/advisories/12188

http://www.kb.cert.org/vuls/id/262350

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2004-421.html

http://www.securityfocus.com/bid/10832

http://www.securityfocus.com/bid/15495

https://exchange.xforce.ibmcloud.com/vulnerabilities/16837

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419

Details

Risk Information

CVSS v2