Spoofing vulnerability in mozilla
Posted 11 June 2004 - 06:21 PM
This article was just published on infoworld, it says there are now 3 unpatched security holes including ones that effect mozilla and safari. Heres the link and the relevant paragraph
"On Thursday, two more unpatched Internet Explorer holes also surfaced that are slight variations on the same themes. One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers and allows attackers to fake the address displayed in the address bar. The other is a cross zone scripting hole that lets users load insecure Web pages as if they were trusted Web pages, Larholm said."
Calling all mozilla experts, how do we protect ourselves now?
Posted 11 June 2004 - 07:21 PM
I am not a Mozilla expert, but, of the flaws found, one affects Mozilla and Safari browsers, specifically, spoofing the URL in the address bar. Whilst I am not suggesting that this is unimportant, it is certainly not as severe in its effect as it would be in IE. The URL spoofing in IE leads the browser to a malicious page which can exploit the other holes in IE to load malicious code onto your computer and allow it to be taken over.
One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers and allows attackers to fake the address displayed in the address bar.
The flaw appears to be able to get Mozilla to the bogus page, but that as far as it goes, because the Mozilla browser is not vulnerable to the other flaws that IE is.
Thats how I see it, but other more knowledgable people will no doubt set the matter straight.
Posted 25 June 2004 - 07:00 AM
Edited by MJRx9000, 25 June 2004 - 07:01 AM.