FreeBSD : Mozilla / Firefox user interface spoofing vulnerability (730db824-e216-11d8-9b0a-000347a4fa7d)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla project's family of browsers contains a design flaw that
can allow a website to spoof almost perfectly any part of the Mozilla
user interface, including spoofing web sites for phishing or internal
elements such as the 'Master Password' dialog box. This is achieved by
manipulating 'chrome' through remote XUL content. Recent versions of
Mozilla have been fixed to not allow untrusted documents to utilize
'chrome' in this way.

See also :

http://bugzilla.mozilla.org/show_bug.cgi?id=22183
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=252198
http://www.nd.edu/~jsmith30/xul/test/spoof.html
http://www.nessus.org/u?f78203f4

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18982 (freebsd_pkg_730db824e21611d89b0a000347a4fa7d.nasl)

Bugtraq ID: 10832

CVE ID: CVE-2004-0764
