-
January 6th, 2005, 03:04 PM
#1
Mozilla Firefox Download Dialog Source Spoofing
Secunia Advisory: SA13599
Release Date: 2005-01-04
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: Mozilla 1.7.x and Mozilla Firefox 1.x
Description:
Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the source displayed in the Download Dialog box.
The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box.
The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected.
Solution:
Do not follow download links from untrusted sources
Link : http://secunia.com/advisories/13599/
-
January 6th, 2005, 05:58 PM
#2
A possible solution while using Firefox is the spoof stick extension. (see attachment)
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
January 6th, 2005, 06:02 PM
#3
Member
Thanks for the heads up. I just started using firefox with windows and this raises the question is firefox more secure than internet explorer.
-
January 7th, 2005, 01:24 AM
#4
My personal point of view is that you'll start seeing more security Advisory about Firefox now that peoples start using it a lot.
-
January 7th, 2005, 03:12 AM
#5
I agree with SDK, but there is still way more vulnerabilities in IE than firefox. I think there will continue to be more attacks on IE, b/c the average layman doesn't know how often they get attacked and they stick with Ie despite all the warnings. Nontheless, we will continue to see new vulnerabilities in both, just not at the same rate. That's just my opinion.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
-
January 7th, 2005, 04:49 AM
#6
Senior Member
Originally posted here by SDK
My personal point of view is that you'll start seeing more security Advisory about Firefox now that peoples start using it a lot.
the question is, when will the next major sploit be for the mozilla series. And even if you could gain complete control over the computer ... IE exploits were never mass damaging, only to m$ reputation
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|