Multiple Browser Javascript Dialog Origin Spoofing, vulnerabilities and axposures online database

Vulnerability details :

		Multiple Browser Javascript Dialog Origin Spoofing

Fiche

Fiche créée le 2005-06-21 11:24:17, dernière mise à jour le 2008-03-02 23:52:07

Multiple web browsers contain a Javascript flaw that may lead to an unauthorized password exposure or other information disclosure. It is possible for a malicious web site to open a dialog box in front of a window displaying a trusted web site. It may appear that the dialog box comes from the trusted web site prompting users to enter passwords or other sensitive information, which may lead to a loss of confidentiality.

Apple Computer, Inc. 1.x Affected

Apple Computer, Inc. 2.0 Affected

iCab 2.x Affected

Opera Software ASA 7.x Affected

Opera Software ASA 8.0 Affected

Mozilla Organization 0.8.4 Affected

Mozilla Organization 1.7.8 Affected

Mozilla Organization 0.x Affected

Mozilla Organization 1.0.4 Affected

Mozilla Organization 1.0.3 Affected

Mozilla Organization 1.0.2 Affected

Mozilla Organization 1.0.1 Affected

Microsoft Corporation 6.0 SP1 Affected

Microsoft Corporation 6.0 Affected

Microsoft Corporation 5 Affected

KDE Project 3.4.0 Affected

GNOME Project 1.6.0 Affected

Avant Force 10.0 build 168 Affected

Stilesoft Inc. 7.5.4.1429 Affected

FlashPeak 4.05 Build 007 Affected

Amazing Software Products 8.0.2.107 Affected

Omnibrowser 2.00 Affected

Wang Chunshan 10.0.0.0 Affected

Fastbrowser.net 8.1 Affected

Revopoint 4.2 Affected

Optimal Access Inc. 4.00 Build 154 Affected

AcooBrowser.com 1.17 build 283 Affected

NetLeaf Limited 1.0.4 Affected

Stanly Xu 2.54 build version 2.5.504.6101 Affected

AMBrowser.com 2.0.0 Affected

CrazyBrowser.com 2.0.0 Affected

Microsoft Corporation 7.2.10.1600 Affected

Capital Intellect, Inc. 2004.3.1286 Affected

SoftInform 3.2.12 Affected

SoftInform 4.4.07 Affected

VNCom LLC 2.0 Build 900 Affected

Hewlett-Packard Development Company, L.P. 1.7.8 Affected

Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information.

Découvert le 2005-06-21 07:00:00

Disclosure : OSVDB Verified

Confirmé le 2005-06-21 07:00:00

Exploit : Exploit Public

Exploit découvert le 2005-06-21 07:00:00

Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party. Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection.

Location : Remote / Network Access
If network access if required and exploit can be done remotely.

External refs :

OSVDB 17397

Free consultation (search)


		Fill one or some of the fields below :

		Vendor

		Title

		Vulnerability ref.





Free consultation (catalog)

Individual alerts


		You determine with one profile dynamic and assisted, all your material and software equipment. We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile. Every notification is definite, consists of numerous information to determine risk and to protect itself from it.


Login:
Pass:


Free online subscription

Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA