Galeon Browser Tabbed Browsing Errors Let Remote Users Spoof Sites

Juha-Matti Laurio reported a vulnerability in the tabbed browsing feature of the Galeon browser. A remote user may be able to spoof web page functions.

It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.

The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Galeon. Secunia Research reported the flaw in Mozilla.
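
The dialog behaviour described above can be modelled in a few lines. This is an added illustration, not code from Galeon, Gecko or the original report: the class, its `deferBackgroundDialogs` switch and the example origins are constructed, and holding a dialog until its tab is active is one possible mitigation, not the vendor's documented fix.

```javascript
// Toy model of tabbed-browser dialog handling (constructed; not Galeon or Gecko code).
class TabbedBrowser {
  constructor(deferBackgroundDialogs) {
    this.defer = deferBackgroundDialogs; // hypothetical mitigation switch
    this.tabs = new Map();               // tabId -> { origin, pending }
    this.activeTab = null;
    this.shown = [];                     // dialogs actually presented to the user
  }
  openTab(id, origin) {
    this.tabs.set(id, { origin, pending: [] });
    if (this.activeTab === null) this.activeTab = id;
  }
  // Script running in tab `id` asks the browser to show a dialog.
  requestDialog(id, text) {
    const tab = this.tabs.get(id);
    if (!tab) throw new Error(`unknown tab ${id}`);
    const dialog = { origin: tab.origin, text };
    if (this.defer && id !== this.activeTab) {
      tab.pending.push(dialog);          // hold until the user views that tab
    } else {
      this.present(dialog);              // shown at once, even over another tab
    }
  }
  switchTo(id) {
    const tab = this.tabs.get(id);
    if (!tab) throw new Error(`unknown tab ${id}`);
    this.activeTab = id;
    for (const dialog of tab.pending.splice(0)) this.present(dialog);
  }
  present(dialog) { // record which origin the user was viewing at that moment
    const overOrigin = this.tabs.get(this.activeTab).origin;
    this.shown.push({ ...dialog, overOrigin });
  }
  // Dialogs shown on top of a different site's tab: the spoofing condition.
  misattributed() {
    return this.shown.filter((d) => d.origin !== d.overOrigin);
  }
}

// Constructed scenario: tab 1 is being viewed, inactive tab 2 raises a dialog.
function scenario(deferBackgroundDialogs) {
  const b = new TabbedBrowser(deferBackgroundDialogs);
  b.openTab(1, "https://site-a.example");
  b.openTab(2, "https://site-b.example");
  b.requestDialog(2, "Please confirm to continue");
  const whileViewingTab1 = b.misattributed().length;
  b.switchTo(2);
  return { whileViewingTab1, shown: b.shown.length, misattributed: b.misattributed().length };
}
```

With the switch off, the dialog from the inactive tab is recorded as appearing over the other site's tab; with it on, the same dialog is shown only after the user switches to the tab that raised it.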

A demonstration exploit is available at _test/

The vendor was notified on October 26, 2004.
