256131 – (CVE-2009-0253) www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)

Bug 256131 (CVE-2009-0253) - www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)

Summary: www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)

Status:	RESOLVED FIXED

Alias:	CVE-2009-0253

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:	CVE-2009-0352
Blocks:
	Show dependency tree

Reported:	2009-01-23 21:52 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-03 02:29 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-01-23 21:52:06 UTC

CVE-2009-0253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0253):
  Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
  visiting an arbitrary URL via an onclick action that moves a crafted
  element to the current mouse position, related to a "Status Bar
  Obfuscation" and "Clickjacking" attack.

Comment 1 Alex Legler (RETIRED) archtester

2009-08-13 09:54:40 UTC

Still not fixed in 3.5.2

Comment 2 Jory A. Pratt gentoo-dev

2011-01-14 17:26:21 UTC

(In reply to comment #1)
> Still not fixed in 3.5.2
> 

Readd us if needed appears to be fixed in current firefox.