Últimos mensajes - Powered by IBM

Palabras claves

[Vulnerable] Mozilla Browser

14/06/2004 - 20:21 por Ille Corvus | Informe spam

Mozilla Browser Address Bar Spoofing Weakness
http://secunia.com/advisories/11856/

Critical: Less critical
Impact: Spoofing
Where: From remote

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x

Description:
A weakness has been reported in Mozilla, allowing malicious people to
conduct phishing attacks.

The weakness is caused due to an error within the handling of URLs.
This can be exploited to potentially trick users into supplying
sensitive information to a malicious web site, because information
displayed in the address bar can be constructed in a certain way,
which may lead users to believe that they're visiting another web site
than the displayed web site.

Example:
http://[trusted_site]%2F%20%20%20.[malicious_site]/

Successful exploitation requires that a malicious web site's domain
supports wildcard DNS and accepts invalid values in the "Host:"
header.

The weakness has been confirmed in Mozilla 1.6 and 1.7rc3 for Windows
and Firefox 0.8 and 0.9rc for Windows. Other versions may also be
affected.

Solution:
Don't follow links from untrusted sources, but input URLs manually in
the address bar.

Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)

"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."

Siga el debate

4 respuestas

Tengo una respuesta

Preguntas similare

Mostrar todos los temas similares

Leer las respuestas

#1 Adriana

14/06/2004 - 20:33 | Informe spam

Eso es off-topic y crossposting. Veo que ni se ha
molestado en leer las reglas de posteo en las news ¿eh?

Comprese una Game Boy anda.

PD: Elija rapido un hilo y pongase a jugar a discutir
sobre la reproduccion de los cangrejos, que solo vale
para eso.

Mozilla Browser Address Bar Spoofing Weakness
http://secunia.com/advisories/11856/

Critical: Less critical
Impact: Spoofing
Where: From remote

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x

Description:
A weakness has been reported in Mozilla, allowing

malicious people to

conduct phishing attacks.

The weakness is caused due to an error within the

handling of URLs.

This can be exploited to potentially trick users into

supplying

sensitive information to a malicious web site, because

information

displayed in the address bar can be constructed in a

certain way,

which may lead users to believe that they're visiting

another web site

than the displayed web site.

Example:
http://[trusted_site]%2F%20%20%20.[malicious_site]/

Successful exploitation requires that a malicious web

site's domain

supports wildcard DNS and accepts invalid values in

the "Host:"

header.

The weakness has been confirmed in Mozilla 1.6 and

1.7rc3 for Windows

and Firefox 0.8 and 0.9rc for Windows. Other versions

may also be

affected.

Solution:
Don't follow links from untrusted sources, but input

URLs manually in

the address bar.

Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)

"El software propietario sera solo para los que lo

puedan pagar."

"El software libre es para toda la Humanidad."
.

Responder a este mensaje

#2 Ille Corvus

14/06/2004 - 21:18 | Informe spam

El Mon, 14 Jun 2004 11:33:52 -0700, "Adriana"
escribio:

Eso es off-topic y crossposting. Veo que ni se ha
molestado en leer las reglas de posteo en las news ¿eh?

Al igual que usted :DDD :DDD

Comprese una Game Boy anda.

Si tengo la Advance...si supiera la de cosas que se pueden hacer
aparte de jugar por supuesto...

PD: Elija rapido un hilo y pongase a jugar a discutir
sobre la reproduccion de los cangrejos, que solo vale
para eso.

Me interesan mas la reproduccion de las polillas en la Polinesia, es
mas interesante

Un besaZo

Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)

"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."

Responder a este mensaje

#3 Anonimo

14/06/2004 - 21:30 | Informe spam

OVULA DE UNA VEZ y DEJANOS EN PAZ :DDDDDD

Eso es off-topic y crossposting. Veo que ni se ha
molestado en leer las reglas de posteo en las news ¿eh?

Comprese una Game Boy anda.

PD: Elija rapido un hilo y pongase a jugar a discutir
sobre la reproduccion de los cangrejos, que solo vale
para eso.

Mozilla Browser Address Bar Spoofing Weakness
http://secunia.com/advisories/11856/

Critical: Less critical
Impact: Spoofing
Where: From remote

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x

Description:
A weakness has been reported in Mozilla, allowing

malicious people to

conduct phishing attacks.

The weakness is caused due to an error within the

handling of URLs.

This can be exploited to potentially trick users into

supplying

sensitive information to a malicious web site, because

information

displayed in the address bar can be constructed in a

certain way,

which may lead users to believe that they're visiting

another web site

than the displayed web site.

Example:
http://[trusted_site]%2F%20%20%20.[malicious_site]/

Successful exploitation requires that a malicious web

site's domain

supports wildcard DNS and accepts invalid values in

the "Host:"

header.

The weakness has been confirmed in Mozilla 1.6 and

1.7rc3 for Windows

and Firefox 0.8 and 0.9rc for Windows. Other versions

may also be

affected.

Solution:
Don't follow links from untrusted sources, but input

URLs manually in

the address bar.

Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)

"El software propietario sera solo para los que lo

puedan pagar."

"El software libre es para toda la Humanidad."
.

.

Responder a este mensaje

#4 .

14/06/2004 - 21:52 | Informe spam

x-no-archive:yes

Siga el debate Respuesta

Responder a este mensaje

Ads by Google

Hacer una pregunta

Tengo una respuesta

Busqueda sugerida