January 11, 2005
Common sense, not a flaw - Firefox Download Dialog Source Spoofing
Secunia - Advisories - Mozilla / Mozilla Firefox Download Dialog Source Spoofing
Mozilla / Mozilla Firefox Download Dialog Source Spoofing
Secunia Advisory: SA13599
Release Date: 2005-01-04
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software:
Mozilla 1.7.x
Mozilla Firefox 1.x
Description:
Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the source displayed in the Download Dialog box.
The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box.
The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected.
Solution:
Do not follow download links from untrusted sources.
Posted by cystdog at January 11, 2005 04:28 AM
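The truncation problem the advisory describes, as an added example (not code from Secunia, Mozilla, or this post): `naiveSource` is an assumed model of a fixed-width source field that keeps the left end of the URL, and `safeSource` is one possible hardened display that drops the path and keeps the right-most host labels. The field width, function names and sample URL are constructed for illustration.

```javascript
// Added illustration; WIDTH models a fixed-width "From:" field (assumed value).
const WIDTH = 40;

// Constructed sample: a long chain of sub-domains in front of the real host.
const SAMPLE =
  "http://www.example.com.downloads.update.mirror.cdn.test-host.invalid/files/setup.exe";

// Naive display (assumed model): keep the first WIDTH characters of the URL.
// The long sub-domain fills the field and the real host suffix is cut off.
function naiveSource(url, width = WIDTH) {
  return url.length <= width ? url : url.slice(0, width - 1) + "…";
}

// Hardened display: show scheme + host only, and when the host is too long
// elide on the LEFT so the right-most labels (the actual site) stay visible.
function safeSource(url, width = WIDTH) {
  const u = new URL(url); // throws on malformed input
  const prefix = u.protocol + "//";
  const room = width - prefix.length;
  if (u.host.length <= room) return prefix + u.host;

  const labels = u.host.split(".");
  let tail = labels.pop(); // the last label is always kept
  while (labels.length) {
    const next = labels[labels.length - 1] + "." + tail;
    if (next.length + 2 > room) break; // 2 = "…" plus the joining dot
    tail = next;
    labels.pop();
  }
  // If not even two labels fit, fall back to a character-level cut
  // that still keeps the right end of the host.
  if (!tail.includes(".")) return prefix + "…" + u.host.slice(-(room - 1));
  return prefix + "…." + tail;
}

console.log(naiveSource(SAMPLE)); // left end only: looks like www.example.com
console.log(safeSource(SAMPLE));  // right end kept: shows test-host.invalid
```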