Firefox Phishing vulnerability

Discussion in 'Firefox' started by Tony Raven, Jan 7, 2005.

  1. Tony Raven

    A low risk for safe surfers but worth being aware of.


    Firefox phishing vulnerability discovered
    Ingrid Marson
    ZDNet UK
    January 05, 2005, 15:30 GMT

    A newly discovered flaw in Firefox could allow cybercriminals to take
    advantage of Web surfers

    A vulnerability in Firefox could make users of the open source browser
    more likely to fall for phishing scams.

    The flaw in Mozilla Firefox 1.0, details of which were published by
    Secunia on Tuesday, allows malicious hackers to spoof the URL in the
    download dialog box which pops up when a Firefox user tries to download
    an item from a Web site. This flaw is caused by the dialog box
    incorrectly displaying long sub-domains and paths, which can be
    exploited to conceal the actual source of the download.

    Mikko Hyppönen, director of antivirus research at F-Secure, said this
    bug could make Firefox users vulnerable to cybercriminals. "The most
    likely way we could see this exploited would be in phishing scams," said

    To fall victim to such a scam, a Firefox user would have to click on a
    link in an email that pointed to a spoofed Web site and then download
    malware from the site, which would appear to be downloaded from a
    legitimate site.

    This flaw was given a severity rating of two out of a possible five by

    David Emm, a senior technology consultant at antivirus company Kaspersky
    Labs, said it is unlikely that phishers will take advantage of this
    exploit in Firefox because Microsoft's Internet Explorer still dominates
    the browser market.

    "I think it's unlikely that we'll see hackers rush to exploit this
    vulnerability," said Emm. "After all, Firefox has a much, much smaller
    install base than IE and it's likely that hackers will continue to pay
    more attention to [IE] instead."

    This may change in the future as Firefox has attracted a lot of interest
    in the past few months. A survey at the end of November found that
    Mozilla-based browsers, including Firefox, accounted for 7.4 percent of
    browsers in November 2004, up 5 percent from May.

    The download vulnerability has been confirmed in Mozilla 1.7.3 for
    Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. No solution
    is available at present, but Mozilla developers plan to fix this bug in
    an upcoming version of the product.

    The Secunia advisory and Mozilla bug report are available online.
    Tony Raven, Jan 7, 2005
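
The display problem the article describes, next to a rendering that avoids it, as an added example that is not part of the original post and is not Firefox's code. The function names and the sample URL are constructed for illustration; the safer version assumes the dialog only needs to show scheme and host.

```javascript
// Naive rendering: keep the first maxLen characters of the URL.
// With a long sub-domain, the real site falls off the right-hand edge.
function naiveSource(rawUrl, maxLen) {
  return rawUrl.length <= maxLen ? rawUrl : rawUrl.slice(0, maxLen - 1) + '…';
}

// Safer rendering: show only scheme and host, and when the host is too long
// elide whole labels from the LEFT so the right-most labels stay visible.
function safeSource(rawUrl, maxLen) {
  const u = new URL(rawUrl);        // throws on malformed input
  const prefix = u.protocol + '//';
  const host = u.host;              // hostname[:port]; no userinfo, no path
  if (prefix.length + host.length <= maxLen) return prefix + host;

  const labels = host.split('.');
  let kept = labels.pop();          // the last label is always kept
  while (labels.length) {
    const next = labels[labels.length - 1] + '.' + kept;
    if (prefix.length + 2 + next.length > maxLen) break; // 2 = length of '….'
    kept = next;
    labels.pop();
  }
  return prefix + '….' + kept;
}

// Constructed sample: a familiar-looking name used as a long sub-domain of
// another site (example.com and example.net are reserved documentation names).
const SAMPLE =
  'http://downloads.example.com.' + 'x'.repeat(40) + '.example.net/files/setup.exe';

console.log(naiveSource(SAMPLE, 40)); // real host is cut off
console.log(safeSource(SAMPLE, 40));  // real host is what remains
```
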

  2. Hello *Tony Raven*, you told us this Friday 07/01/2005 in
    <news:> at around 19:27:25 the following:

    > Firefox phishing vulnerability discovered

    Is that phishing or spoofing?
    In any case, use the Spoofstick extension :D to be sure which *real*
    URL you are on!

    The mistake is to believe that you are alone with your problems!
    Try Firefox - Thunderbird - MesNews ... and if they suit you
    ;) ICQ# 225201643
    Michel Doucet, Jan 7, 2005