Jump to content


Photo

Spoofing vulnerability in mozilla


  • Please log in to reply
2 replies to this topic

#1 brownda7

brownda7

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 11 June 2004 - 07:21 PM

Hey,

This article was just published on infoworld, it says there are now 3 unpatched security holes including ones that effect mozilla and safari. Heres the link and the relevant paragraph

http://www.infoworld...Nieholes_1.html

"On Thursday, two more unpatched Internet Explorer holes also surfaced that are slight variations on the same themes. One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers and allows attackers to fake the address displayed in the address bar. The other is a cross zone scripting hole that lets users load insecure Web pages as if they were trusted Web pages, Larholm said."

Calling all mozilla experts, how do we protect ourselves now?

Brownda

#2 Freebird

Freebird

    Advanced Member

  • Full Member
  • PipPipPip
  • 193 posts

Posted 11 June 2004 - 08:21 PM

One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers and allows attackers to fake the address displayed in the address bar.

I am not a Mozilla expert, but, of the flaws found, one affects Mozilla and Safari browsers, specifically, spoofing the URL in the address bar. Whilst I am not suggesting that this is unimportant, it is certainly not as severe in its effect as it would be in IE. The URL spoofing in IE leads the browser to a malicious page which can exploit the other holes in IE to load malicious code onto your computer and allow it to be taken over.

The flaw appears to be able to get Mozilla to the bogus page, but that as far as it goes, because the Mozilla browser is not vulnerable to the other flaws that IE is.

Thats how I see it, but other more knowledgable people will no doubt set the matter straight.

:wave:
We know the speed of light......but, whats the speed of dark? Steven Wright - Scientist and Comedian

#3 MJRx9000

MJRx9000

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 25 June 2004 - 08:00 AM

I ran into this just now, I believe. I had a link in my IM profile to my xanga blog; somehow I missed typed it as anga.com and it then redirected to www. 2seek2.com. Maybe time to upgrade to .9? :unsure:

Edited by MJRx9000, 25 June 2004 - 08:01 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button