Epiphany Browser Tabbed Browsing Errors Let Remote Users Spoof Sites

Juha-Matti Laurio reported a vulnerability in the tabbed browsing feature of the Epiphany browser. A remote user may be able to spoof web page functions.

It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.

The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Epiphany. Secunia Research reported the flaw in Mozilla.

A demonstration exploit is available at http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

The vendor was notified on October 30, 2004.

Impact: A remote user may be able to spoof web page functions.

Solution: No solution was available at the time of this entry.

http://www.securitytracker.com/alerts/2004/Oct/1012003.html
