CastleCops® - Firefox Users caught by Phishers

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Browsers: Firefox Users caught by Phishers

Secunia has released a vulnerability announcement warns users of Firefox about phishing scams. This vulnerability that affects Firefox and Mozilla "allows malicious hackers to execute phishing scams by spoofing the source URL displayed in the browser's Download Dialog box." Firefox 1.0 is affected, as well as other Mozilla versions. No solution currently exists.

Posted on Friday, 07 January 2005 @ 13:41:14 UTC by Paul (2507 reads)
[ Trackback ]

"Browsers: Firefox Users caught by Phishers" | Login/Create an Account | 1 comment | Search

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Firefox Users caught by Phishers (Score: 1)
by AplusWebMaster on Friday, 07 January 2005 @ 20:21:51 UTC
(User Info | Send a Message) http://www.apluswebmaster.net/

Firefox Phishing Vuln Sparks Hot Debate

- http://www.technewsworld.com/story/39504.html [www.technewsworld.com]
01/07/05
A vulnerability in Mozilla's open-source Firefox browser could be exploited, security experts have warned. Despite the hoopla about the superior security of Firefox, Secunia Research reported that the browser could be used by malicious people, know as phishers, to spoof the source URL displayed in the browser's Download Dialog box. The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box, said the Secunia advisory. Secunia rated the flaw less critical and has confirmed the [b]vulnerability in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0[/b]. It added that other versions may also be affected. Currently, no solution is available. However, the vendor reports that this vulnerability will be fixed in upcoming versions of the affected products, Secunia stated in its advisory. The company urged users not to follow download links from untrusted sources. ( http://secunia.com/advisories/13599/ [secunia.com] )
...Finger-pointing can be a very effective marketing tool in high-tech, Wilcox said. Mozilla has used the tactic against Microsoft and it has proved to be very effective. There's no reason why Microsoft shouldn't turn that around here. That could impact Firefox because people have to make a conscious decision to switch browsers and this news could cause them to wait or decide not to migrate.

	Login

	Nickname Password Security Code: Type Security Code: Usage signifies AUP acceptance · New User? · Click here to create a registered account.

	Related Links

	· del.icio.us! · digg it! · reddit! · TrackBack (0) · Linux.com · HotScripts · W3 Consortium · Mozilla · More about Phishing · News by Paul Most read story about Phishing: False PayPal Charges!

	Article Rating

	Average Score: 4 Votes: 2 Please take a second and vote for this article:

	Options

	Printer Friendly Page


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 103ppm 0.087s (0.007s) Making cybercriminals unhappy since 2002*