# Mozilla / Mozilla Firefox "onunload" SSL Certificate Spoofing



## jgvernonco (Sep 13, 2003)

Mozilla / Mozilla Firefox "onunload" SSL Certificate Spoofing

SECUNIA ADVISORY ID:
SA12160

VERIFY ADVISORY:
http://secunia.com/advisories/12160/

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla 1.7.x
http://secunia.com/product/3691/

DESCRIPTION:
Emmanouel Kellinis has reported a vulnerability in Mozilla and
Mozilla Firefox, allowing malicious sites to abuse SSL certificates
of other sites.

It is possible to make the browser load a valid certificate from a
trusted website by using a specially crafted "onunload" event. The
problem is that Mozilla loads the certificate from a trusted website
and shows the "secure padlock" while actually displaying the content
of the malicious website.

The URL shown in the address bar correctly reads that of the
malicious website.

This has been confirmed using Mozilla Firefox 0.9.2 and Mozilla 1.7.1
on Windows and Mozilla Firefox 0.9.1 on Linux. Other versions may also
be affected.

SOLUTION:
Do not follow links from untrusted websites.

Verify the correct URL in the address bar with the one in the SSL
certificate.

PROVIDED AND/OR DISCOVERED BY:
Emmanouel Kellinis

ORIGINAL ADVISORY:
http://www.cipher.org.uk/index.php?..._Spoofing_Mozilla_FireFox_25-07-2004.advisory


----------

