Mozilla Foundation Security Advisory 2005-05

Input stealing from other tabs

Announced

January 21, 2005

Reporter

Jakob Balle (Secunia)

Impact

High

Products

Firefox, Mozilla Suite

Fixed in

Firefox 1
Mozilla Suite 1.7.5

Description

Jakob Balle of Secunia reported two vulnerabilities in windows with multiple tabs. Malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to a background tab hoping to catch the user inputting something sensitive.

Jesse Ruderman and Martin Wargers discovered variants

Workaround

Do not open sites with sensitive content in the same window as tabs from untrusted content. Upgrade to fixed version.

References

http://secunia.com/advisories/12712
https://bugzilla.mozilla.org/show_bug.cgi?id=262887
https://bugzilla.mozilla.org/show_bug.cgi?id=265055
https://bugzilla.mozilla.org/show_bug.cgi?id=265456

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice