-
October 20th, 2004, 03:27 PM
#1
Tabbed Browser Spoofing Tests..
Secunia released a listing of bugs that affects a variety of tabbed browsers. Check out their site to see the POC in action. I can see a variety of phishes coming out of this along with other potentials (e.g., have a link to AO and use the option to popup a "log in" javascript box).
-
October 20th, 2004, 04:40 PM
#2
Well, here's a test to see how concerned Mozilla is with security.... Guess we'll have to wait and see how long it takes, again.
Thanks for the headds up. I guess I should bookmark that site one of these days... hehe
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
October 20th, 2004, 05:14 PM
#3
umm.Always wondered about this..I noticed in Mozilla, if I have one tab open with Hotmail and one with AO that hotmail will start to copy my logon name from AO. Along with Korpdeath, Thanx for the heads up!
-
October 20th, 2004, 06:29 PM
#4
Interesting...
Tested my browser (Firefox 1.0), and I'm vulnerable as expected. Does anyone know if the malicious website triggering this vuln. would have any way of knowing what site you 'thought' you were feeding data to?
-
October 20th, 2004, 07:01 PM
#5
Banned
There is an extension for Firefox called Spoofstick, which displays the host of the site (or something like that) just below your nav bar in a customizable color and size. I'm not sure if that would exactly help with this, but it certainly helps with other phishing scams like spoofed sites.
-
October 21st, 2004, 05:04 AM
#6
Member
I read over at the Opera forums that they will be addressing this in the 7.6 release. Couldn't find an ETA on it though. Cheers MsMittens.
-
October 21st, 2004, 05:36 AM
#7
The location of the JS script cannot be shown by Spoofstick.
However for Firefox users I can only recommend to be careful when new JS windows show up... click cancel then investigate the source code on the originating webpage, and make sure you don't actually get redirected through other pages that might contain this code.
Thanks for the heads up MsM.
/ \\
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|