Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:
Mozilla Firefox Custom Cursor May Let Remote Users Spoof Portions of the User Interface
SecurityTracker Alert ID:  1017700
SecurityTracker URL:
CVE Reference:   CVE-2007-0779   (Links to External Site)
Date:  Feb 24 2007
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.5.x prior to, also 2.0,
Description:   A vulnerability was reported in Mozilla Firefox. A remote user may be able to spoof elements of the user interface.

A remote user can create a large, mostly transparent, custom cursor and adjust the CSS3 hotspot property to cause the visible part of the cursor to float outside of the browser content area. This may allow the remote user to spoof certain user interface elements, including the hostname and security indicators.

David Eckel reported this vulnerability.

Impact:   A remote user may be able to spoof elements of the user interface.
Solution:   The vendor has issued a fix (,

The Mozilla advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC