Juha-Matti Laurio reported a vulnerability in the Galeon browser in the tabbed browsing feature. A remote user may be able to spoof web page functions.
It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.
The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Galeon. Secunia Research reported the flaw in Mozilla.
A demonstration exploit is available at http://secunia.com/multiple_browsers_dialog_box_spoofing _test/
The vendor was notified on October 26, 2004.