{"vuid":"VU#262350","idnumber":"262350","name":"Mozilla status elements can be disabled via JavaScript","keywords":["Mozilla","JavaScript","XUL"],"overview":"Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL.","clean_desc":"Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using JavaScript. Consequently, attackers can design malicious web sites that disable these native elements and, using XUL, recreate pages that look like native Mozilla dialogs and windows. (XUL is Mozilla's XML-based user interface. It allows for the development of cross-platform applications.)","impact":"An attacker could convince a user that they were viewing a native Mozilla dialog, when in fact they are visiting a page created by the attacker. The attacker could use additional social engineering techniques to trick the victim into disclosing sensitive information such as credit card numbers, account numbers, and passwords. The attacker could also spoof pop-up windows that do not display the address bar.","resolution":"","workarounds":"Disable the ability to hide status items By performing the following steps, it is possible to prevent JavaScript from disabling status elements. This will make XUL-created pages appear distinct from native Mozilla dialogs. 1. Enter \"about:config\" in Mozilla's address bar. This will display Mozilla's configuration values. 2. Set the following values to true: dom.disable_window_open_feature.titlebar\ndom.disable_window_open_feature.close\ndom.disable_window_open_feature.toolbar\ndom.disable_window_open_feature.location\ndom.disable_window_open_feature.directories\ndom.disable_window_open_feature.personalbar\ndom.disable_window_open_feature.menubar\ndom.disable_window_open_feature.scrollbars\ndom.disable_window_open_feature.resizable\ndom.disable_window_open_feature.minimizable\ndom.disable_window_open_feature.status These preferences can also be set via the user.js file.","sysaffected":"","thanks":"This vulnerability was reported by David Ahmad. The workaround was provided by Asa Dotzler.","author":"This document was written by Will Dormann.","public":["http://secunia.com/advisories/12188/","http://www.securityfocus.com/bid/10832","http://xforce.iss.net/xforce/xfdb/16837","https://bugzilla.mozilla.org/show_bug.cgi?id=176304","http://bugzilla.mozilla.org/show_bug.cgi?id=244965","http://bugzilla.mozilla.org/show_bug.cgi?id=22183"],"cveids":["CVE-2004-0764"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-08-04T11:43:24Z","publicdate":"2004-07-30T00:00:00Z","datefirstpublished":"2004-12-17T20:22:18Z","dateupdated":"2004-12-22T15:05:58Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"3","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"1","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.035","cam_scorecurrentwidelyknown":"1.035","cam_scorecurrentwidelyknownexploited":"1.8","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.035,"vulnote":null}