Another Firefox security issue

Published January 10, 2005

As Firefox becomes more and more popular, it faces more and more attacks from bad guys. A new report this morning claims that phishers have found a hole in Firefox:

A security flaw in the increasingly popular Firefox browser is exposing millions of users to phishing scams, security experts have warned.

Jakob Balle, security specialist at Secunia Research, said that the vulnerability in Firefox and Mozilla allows malicious hackers to execute phishing scams by spoofing the source URL displayed in the browser’s Download Dialog box.

“The problem is that long sub-domains and paths are not displayed correctly, which can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box,” he said.

A Secunia Research advisory stated that the “less critical” vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. It added that “other versions may also be affected”.

Reportedly a patch is under development but isn’t ready.

Comments are closed. If you have a question or correction, please contact me on Twitter.

Ed on Twitter

Congrats to @harrymccracken for his new editorial gig RT @gchiemingo TIME is on his side (too easy) 1 hour ago
Google-branded streaming media device coming http://t.co/eyTnRdNQ via @WSJ 1 hour ago
"As an in-depth engineering dialog, we tend to favor the long form for Building Windows 8 posts" 8,617 words on Windows on Arm 5 hours ago
Sinofsky: "WOA includes desktop versions of the new Microsoft Word, Excel, PowerPoint, and OneNote" 5 hours ago
Sinofsky: Windows on ARM (WOA) includes "if you wish, the Windows desktop w/ tools like Windows File Explorer and desktop Internet Explorer" 5 hours ago

Ed Bott

I write stuff. Mostly about Windows. Sometimes I get paid for it.

Another Firefox security issue

Search this site

Hosted by A2

Ed @ ZDNet

Ed on Twitter

Meta

Sponsors

Links of Interest