FreeBSD : web browsers -- window injection vulnerabilities (b0911985-6e2a-11d9-9557-000a95bc6fae)

high Nessus Plugin ID 19083

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Secunia Research advisory reports :

Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue :
http://secunia.com/multiple_browsers_window_injection_vulnerability_te st/

A workaround for Mozilla-based browsers is available.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?972a794b

http://www.nessus.org/u?7eab70ad

https://bugzilla.mozilla.org/show_bug.cgi?id=273699

https://bugzilla.mozilla.org/show_bug.cgi?id=103638

http://mozillanews.org/?article_date=2004-12-08+06-48-46

https://www.kde.org/info/security/advisory-20041213-1.txt

http://www.nessus.org/u?ab031932

Plugin Details

Severity: High

ID: 19083

File Name: freebsd_pkg_b09119856e2a11d99557000a95bc6fae.nasl

Version: 1.19

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:de-linux-netscape, p-cpe:/a:freebsd:freebsd:de-netscape7, p-cpe:/a:freebsd:freebsd:el-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:fr-linux-netscape, p-cpe:/a:freebsd:freebsd:fr-netscape7, p-cpe:/a:freebsd:freebsd:ja-linux-mozillafirebird-gtk1, p-cpe:/a:freebsd:freebsd:ja-linux-netscape, p-cpe:/a:freebsd:freebsd:ja-mozillafirebird-gtk2, p-cpe:/a:freebsd:freebsd:ja-netscape7, p-cpe:/a:freebsd:freebsd:kdebase, p-cpe:/a:freebsd:freebsd:kdelibs, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:linux-netscape, p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:linux-phoenix, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla%2bipv6, p-cpe:/a:freebsd:freebsd:mozilla-embedded, p-cpe:/a:freebsd:freebsd:mozilla-firebird, p-cpe:/a:freebsd:freebsd:mozilla-gtk, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:mozilla-gtk2, p-cpe:/a:freebsd:freebsd:mozilla-thunderbird, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, p-cpe:/a:freebsd:freebsd:phoenix, p-cpe:/a:freebsd:freebsd:pt_br-netscape7, p-cpe:/a:freebsd:freebsd:ru-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:zhcn-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:zhtw-linux-mozillafirebird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/24/2005

Vulnerability Publication Date: 12/8/2004

Reference Information

CVE: CVE-2004-1156, CVE-2004-1157, CVE-2004-1158, CVE-2004-1160

Secunia: 13129, 13253, 13254, 13402