Firefox flaw raises phishing fears

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > General Topics > News

Firefox flaw raises phishing fears, Security >> Attacks

Options

KoanYorel View Member Profile	Jan 8 2005, 07:07 AM Post #1
Bleepin' Conundrum Group: Emeritus Posts: 19,461 Joined: 26-April 04 From: 65 miles due East of the "Logic Free Zone", in Md, USA Member No.: 235	<img src='/images/misc/rediscover.gif' style='float:right' vspace='8' hspace='8'> <b>Firefox flaw raises phishing fears.<br /> <br /> A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.</b><br /><br />Published: January 7, 2005, 11:06 AM PST<br /> By Ingrid Marson<br /> Special to CNET News.com<br /> <br /> The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, could allow hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download. <br /> <br /> Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.<br /> <br /> To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site. <br /><br /> <div class='newslinks'><img src='http://www.bleepingcomputer.com/forums/style_images/1/cs_page.gif'> <b>Link: <a href='http://news.com.com/Firefox+flaw+raises+phishing+fears/2100-1002_3-5517149.html?tag=nl' target='_blank'><font color='red'>Complete story here</font></a><br /><img src='http://www.bleepingcomputer.com/forums/style_images/1/cs_page.gif'> <b>Link: <a href='http://news.com.com/Firefox+When+is+a+flaw+not+a+flaw/2100-1002_3-5517201.html?tag=nl' target='_blank'><font color='red'>Additionally on Firefox: When is a flaw not a flaw?</font></a><br /> -------------------- The only easy day was yesterday. ...some do, some don't; some will, some won't (WR)

« Next Oldest · News · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 05:24 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides