Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 256131 (CVE-2009-0253) - www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)
Summary: www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)
Status: RESOLVED FIXED
Alias: CVE-2009-0253
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on: CVE-2009-0352
Blocks:
  Show dependency tree
 
Reported: 2009-01-23 21:52 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-03 02:29 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 21:52:06 UTC
CVE-2009-0253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0253):
  Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
  visiting an arbitrary URL via an onclick action that moves a crafted
  element to the current mouse position, related to a "Status Bar
  Obfuscation" and "Clickjacking" attack.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-13 09:54:40 UTC
Still not fixed in 3.5.2
Comment 2 Jory A. Pratt gentoo-dev 2011-01-14 17:26:21 UTC
(In reply to comment #1)
> Still not fixed in 3.5.2
> 

Readd us if needed appears to be fixed in current firefox.