SecurityTracker Alert ID: 1009209
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 25 2004
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes
Version(s): Affects versions prior to 1.6
Description: A vulnerability was reported in the Mozilla browser in the processing of event handlers during the transition of documents. A remote user can conduct cross-site scripting attacks.
Andreas Sandblad reported that a remote user can create HTML containing a specially crafted link that, when loaded on the target user's browser, may execute arbitrary javascript events in the security context of the new page.
The flaw reportedly resides in 'nsDOMClassInfo.cpp' and occurs when a large number of event handlers are used within HTML tags.
A remote user can create specially crafted HTML that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser in the context of an arbitrary site in that site's security domain. The code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A limited amount of user interaction may be required.
The vendor was reportedly notified on December 2, 2003.
The original bug report (containing some demonstration exploit HTML) is available at:
http://bugzilla.mozilla.org/show_bug.cgi?id=227417
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (on December 3, 2003), available via CVS. A fix is also included in version 1.6b, available at:
http://www.mozilla.org/releases/
Vendor URL: bugzilla.mozilla.org/show_bug.cgi?id=227417
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: Andreas Sandblad
http://www.securitytracker.com/alerts/2004/Feb/1009209.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic