USN-811-1 -- firefox-3.0, xulrunner-1.9 vulnerabilityID: oval:org.secpod.oval:def:700299 | Date: (C)2011-05-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
Platform: |
Ubuntu 8.10 |
Ubuntu 8.04 |
Ubuntu 9.04 |