Mozilla Firefox Download Dialog Source Spoofing
Results 1 to 6 of 6

Thread: Mozilla Firefox Download Dialog Source Spoofing

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Mozilla Firefox Download Dialog Source Spoofing

    Secunia Advisory: SA13599
    Release Date: 2005-01-04
    Critical: Less critical
    Impact: Spoofing
    Where: From remote
    Solution Status: Unpatched

    Software: Mozilla 1.7.x and Mozilla Firefox 1.x

    Description:
    Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the source displayed in the Download Dialog box.

    The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box.

    The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected.

    Solution:
    Do not follow download links from untrusted sources
    Link : http://secunia.com/advisories/13599/
    -Simon \"SDK\"

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    A possible solution while using Firefox is the spoof stick extension. (see attachment)
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    Member
    Join Date
    Jul 2003
    Posts
    53
    Thanks for the heads up. I just started using firefox with windows and this raises the question is firefox more secure than internet explorer.

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    My personal point of view is that you'll start seeing more security Advisory about Firefox now that peoples start using it a lot.
    -Simon \"SDK\"

  5. #5
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    I agree with SDK, but there is still way more vulnerabilities in IE than firefox. I think there will continue to be more attacks on IE, b/c the average layman doesn't know how often they get attacked and they stick with Ie despite all the warnings. Nontheless, we will continue to see new vulnerabilities in both, just not at the same rate. That's just my opinion.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  6. #6
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Originally posted here by SDK
    My personal point of view is that you'll start seeing more security Advisory about Firefox now that peoples start using it a lot.
    the question is, when will the next major sploit be for the mozilla series. And even if you could gain complete control over the computer ... IE exploits were never mass damaging, only to m$ reputation
    http://sfx-images.mozilla.org/affili...88x31/take.gif
    If You\'ve Done Something Right. People Wont Know You\'ve Done Anything At All - God (futurama)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •