mozillazine said:Secunia has issued an advisory regarding tabbed browsing spoofing vulnerabilities in the Mozilla series of browsers. One spoof involves persuading the user to open a link to a trusted site in a new tab and then opening a JavaScript input box that appears to come from the trusted site when it actually sends its data back to the trickster. Another flaw again requires the user to open a link to a trusted site in a new tab, though this time the spoofer uses JavaScript to continually move focus back to a form field on the malicious page without causing the active tab to change from the trusted site. This means that a user who tries to enter form data on the trusted page will instead be passing information to the attacker. Slashdot has an article about this latest spoofing flaw, which also covers other browser holes published by Secunia today. According to Secunia's original tabbed browsing vulnerability advisory, the Mozilla Foundation was informed on October 4th, sixteen days ago.
On a related note, mozilla fan points us to some research suggesting that Mozilla can be easily crashed using malformed HTML. Other browsers are also affected, with the notable exception of Microsoft Internet Explorer. Once again, Slashdot has coverage of the malformed HTML crash issue. Mozilla developer Doron Rosenberg has some commentary on the impact for Mozilla's 'secure' reputation.
Update: Dean Tessman informs us that the form focus tab flaw (the second issue in the first paragraph) was fixed on the Aviary branch (the branch that will be used for the 1.0 releases of Mozilla Firefox and Mozilla Thunderbird) and the 1.7 branch on October 6th. As the fix is more of a workaround than a proper solution, it has not been checked in to the trunk. See bug 124750.
This doesn't mean you should go running back to IE though. Mozilla was still found to be the most secure browser on the market (it's just that nothing is 100% invulnerable!)
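To make the second flaw in the MozillaZine quote concrete, here is an added example (not code from the MozillaZine article, Secunia's advisory or Mozilla itself): a small Node-runnable model of a tabbed browser in which a script in a background tab keeps calling focus() on its own form field between the user's keystrokes, exactly as the advisory describes. The `Browser` class, its method names and the check `field.tab !== this.activeTab` are assumptions made for this model; the check approximates the behaviour of the fix the article mentions (refuse focus requests that do not come from the tab the user is looking at) and is not a transcription of the actual patch. The typed password `hunter2` and the tab names are constructed sample input.

```javascript
// Constructed model of tabbed-browser focus handling. Added example; it does
// not reproduce Mozilla's real focus manager or the fix from bug 124750.

class Field {
  constructor(tab, name) {
    this.tab = tab;     // the tab (document) this form field belongs to
    this.name = name;
    this.value = '';    // everything "typed" into this field
  }
}

class Browser {
  // allowBackgroundFocus: true  -> vulnerable behaviour (any tab may grab focus)
  //                       false -> hardened behaviour (assumed fix: only the
  //                                active tab's scripts may move focus)
  constructor({ allowBackgroundFocus }) {
    this.allowBackgroundFocus = allowBackgroundFocus;
    this.activeTab = null;  // the tab currently shown to the user
    this.focused = null;    // the Field that receives keystrokes
  }

  openTab(name) {
    const tab = { name };
    if (!this.activeTab) this.activeTab = tab;
    return tab;
  }

  addField(tab, name) {
    return new Field(tab, name);
  }

  selectTab(tab) {
    this.activeTab = tab;
  }

  // Script in field.tab calls field.focus(). In the vulnerable model this
  // silently redirects keystrokes even though the active tab never changes.
  requestFocus(field) {
    if (field.tab !== this.activeTab && !this.allowBackgroundFocus) {
      return false;  // assumed fix: ignore focus() from a background tab
    }
    this.focused = field;
    return true;
  }

  // The user clicks a field on the visible page.
  userClick(field) {
    if (field.tab === this.activeTab) this.focused = field;
  }

  // Keystrokes go to whichever field currently holds focus.
  type(text) {
    if (this.focused) this.focused.value += text;
  }
}

// Replays the scenario from the advisory and reports where the keystrokes went.
function simulate({ allowBackgroundFocus }) {
  const b = new Browser({ allowBackgroundFocus });

  const evil = b.openTab('attacker');          // malicious page, first tab
  const stealer = b.addField(evil, 'stealer');
  const bank = b.openTab('trusted');           // trusted link opened in a new tab
  const password = b.addField(bank, 'password');

  b.selectTab(bank);        // user is looking at the trusted site
  b.userClick(password);    // and clicks its password field

  // The attacker's page runs something like setInterval(() => stealer.focus(), 10);
  // modelled here as one focus() call before each keystroke.
  for (const ch of 'hunter2') {
    b.requestFocus(stealer);
    b.type(ch);
  }
  return { stolen: stealer.value, typed: password.value };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', simulate({ allowBackgroundFocus: true }));
  console.log('hardened:  ', simulate({ allowBackgroundFocus: false }));
}
```

In the vulnerable configuration every character of the password ends up in the attacker's field and the trusted page's field stays empty, even though the trusted tab remained the active one throughout; with the background-focus check in place the attacker's focus() calls are ignored and the password reaches the field the user clicked. The point of the check is that the decision must be made by the browser, since the trusted page has no way to tell that focus was pulled out from under it.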
Grauw@Mozillazine said:For the pessimists: take a look at the following summary of the severity ratings of the security issues published today (from the Slashdot links):
Internet Explorer: Highly critical (4/5)
Opera: Moderately critical (3/5)
Mozilla: Less critical (2/5)
Safari: Moderately critical (3/5)
Konqueror: Less critical (2/5)
Avant: Moderately critical (3/5)
Maxthon: Moderately critical (3/5)
You have two choices now if you are using Firefox: download a nightly version from www.mozillazine.org, or be careful until version 1.0 comes out in November.
In other related news, Business 2.0 has an article about Firefox, one of its developers and the impact it is having. http://www.business2.com/b2/web/articles/0,17863,714129-1,00.html