Forums Últimos mensajes - Powered by IBM
 
Tags Palabras claves

[Vulnerable] Mozilla Browser

14/06/2004 - 20:21 por Ille Corvus | Informe spam
Ayuda Hacer una pregunta
Mozilla Browser Address Bar Spoofing Weakness
http://secunia.com/advisories/11856/


Critical: Less critical
Impact: Spoofing
Where: From remote

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x


Description:
A weakness has been reported in Mozilla, allowing malicious people to
conduct phishing attacks.

The weakness is caused due to an error within the handling of URLs.
This can be exploited to potentially trick users into supplying
sensitive information to a malicious web site, because information
displayed in the address bar can be constructed in a certain way,
which may lead users to believe that they're visiting another web site
than the displayed web site.

Example:
http://[trusted_site]%2F%20%20%20.[malicious_site]/

Successful exploitation requires that a malicious web site's domain
supports wildcard DNS and accepts invalid values in the "Host:"
header.

The weakness has been confirmed in Mozilla 1.6 and 1.7rc3 for Windows
and Firefox 0.8 and 0.9rc for Windows. Other versions may also be
affected.

Solution:
Don't follow links from untrusted sources, but input URLs manually in
the address bar.


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."
email Siga el debateRespuesta 4 respuestasRespuesta Tengo una respuesta
DRAGON AGE™: INQUISITION – Matadragones
 

Leer las respuestas

#1 Adriana
14/06/2004 - 20:33 | Informe spam
Eso es off-topic y crossposting. Veo que ni se ha
molestado en leer las reglas de posteo en las news ¿eh?

Comprese una Game Boy anda.

PD: Elija rapido un hilo y pongase a jugar a discutir
sobre la reproduccion de los cangrejos, que solo vale
para eso.

Mozilla Browser Address Bar Spoofing Weakness
http://secunia.com/advisories/11856/


Critical: Less critical
Impact: Spoofing
Where: From remote

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x


Description:
A weakness has been reported in Mozilla, allowing


malicious people to
conduct phishing attacks.

The weakness is caused due to an error within the


handling of URLs.
This can be exploited to potentially trick users into


supplying
sensitive information to a malicious web site, because


information
displayed in the address bar can be constructed in a


certain way,
which may lead users to believe that they're visiting


another web site
than the displayed web site.

Example:
http://[trusted_site]%2F%20%20%20.[malicious_site]/

Successful exploitation requires that a malicious web


site's domain
supports wildcard DNS and accepts invalid values in


the "Host:"
header.

The weakness has been confirmed in Mozilla 1.6 and


1.7rc3 for Windows
and Firefox 0.8 and 0.9rc for Windows. Other versions


may also be
affected.

Solution:
Don't follow links from untrusted sources, but input


URLs manually in
the address bar.


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo


puedan pagar."
"El software libre es para toda la Humanidad."
.

Preguntas similares

 

Busqueda sugerida :