A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and or transactions. For example, say a user is logged into their Joomla! websites' administrator interface in one tab and is browsing a compromised site in another tab.
The Frontend is a collective term to name the areas of the website as visitors or registered users see it. A registered user normally works only in the frontend. It is like in a store, where the goods are displayed in shop windows and on shelves. Here you can have a look around.
So, in nutshell: it's everything an unregistered user (Guest) and all other registered users, withouth administrative user rights (the members of main Registered group and it's subgroups) can see.
We all know that Joomla is all about collaboration. And anyone who had set up at least one instance of Joomla knows, that there are multiple levels of access in Joomla, among them one called Author who is supposedly able to submit an article to a Joomla site from the frontend.
Despite claims to the contrary Joomla 1.5 does have an ACL system. It may be rudimentary but when fully understood can be very useful.
By default, across all Joomla versions from Joomla 1.0, through Joomla 1.5, Joomla 1.6 to the Joomla 1.7 the basic structure of default user groups is unchanged. The users are generally sorted in 3 main categories, the unregistered/not logged in users, the registered users with frontend only access and the backend users. The exact naming of these main groups are varying across the different Joomla versions, but the default end level groups are the same. The groups and their core permissions are as follows:
Web Links 13
Articles View Hits 1921384
Currently are 158 guests and no members online