Results 1 to 7 of 7

Thread: Tabbed Browser Spoofing Tests..

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA

    Tabbed Browser Spoofing Tests..

    Secunia released a listing of bugs that affects a variety of tabbed browsers. Check out their site to see the POC in action. I can see a variety of phishes coming out of this along with other potentials (e.g., have a link to AO and use the option to popup a "log in" javascript box).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Well, here's a test to see how concerned Mozilla is with security.... Guess we'll have to wait and see how long it takes, again.

    Thanks for the headds up. I guess I should bookmark that site one of these days... hehe
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    umm.Always wondered about this..I noticed in Mozilla, if I have one tab open with Hotmail and one with AO that hotmail will start to copy my logon name from AO. Along with Korpdeath, Thanx for the heads up!

  4. #4
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001

    Tested my browser (Firefox 1.0), and I'm vulnerable as expected. Does anyone know if the malicious website triggering this vuln. would have any way of knowing what site you 'thought' you were feeding data to?
    - Maverick

  5. #5
    Join Date
    Aug 2004
    There is an extension for Firefox called Spoofstick, which displays the host of the site (or something like that) just below your nav bar in a customizable color and size. I'm not sure if that would exactly help with this, but it certainly helps with other phishing scams like spoofed sites.

  6. #6
    Join Date
    Oct 2001
    I read over at the Opera forums that they will be addressing this in the 7.6 release. Couldn't find an ETA on it though. Cheers MsMittens.

  7. #7
    Senior Member
    Join Date
    Jul 2003
    The location of the JS script cannot be shown by Spoofstick.

    However for Firefox users I can only recommend to be careful when new JS windows show up... click cancel then investigate the source code on the originating webpage, and make sure you don't actually get redirected through other pages that might contain this code.

    Thanks for the heads up MsM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts