Firefox phishing vulnerability discovered

ZDNet UK ^ | 05 January 2005 | Ingrid Marson

[ShadowAce]

I've always considered phishing to be more of a social engineering bug than technical, but it still pays to watch your browser.

[ShadowAce]

Firefox tech ping!

[dfwgator]

It's a sure sign of Firefox's popularity, now it is a target for hackers. We'll see just how secure it is.

[KoRn]

Bad news to hear, but being open source it will be fixed right away I'm sure.

[RedBloodedAmerican]

Woops.

I don't get it; I have never had any issues with IE or MS "holes" or the like in the 10 years I have used MS products.

[smith288]

The more popular you are, the bigger of a target is painted on your back.

If FireFox was THE browser of the web, the same freaks who live and die to hate Microsoft right now would be slamming Firefox.

Its just the natural order of things.

[Ginifer]

Thx for the update and post.

[Recovering Hermit]

As Firefox becomes increasingly popular, we'll probably see more of these vulnerabilities found and exploited.

[COEXERJ145]

It's a sure sign of Firefox's popularity, now it is a target for hackers.

Of course the Microsoft haters claim that a software's popularity has nothing to do with it being a target for hackers.

[ShadowAce]

...we'll probably see more of these vulnerabilities found and exploited.

Found, perhaps. "Exploited" is still much less likely.

[stainlessbanner]

Good post - thanks for the update, ShadowAce

[b4its2late]

So you're telling me I gotta go back to browsing with IE?

[ShadowAce]

< grin >. Nah. Firefox is still better than IE.

[demlosers]

I agree...

[TruthWillWin]

Wonder if these hackers received any compensation from MS?

[Mr. K]

I agree.

I love Microsoft and God Bless Bill Gates.

:)

[rogers21774]

No, but the lesson is nobody is completely 100% on the interenet, regardless of your browswer/OS of choice.

[zeugma]

I'll be interested in seeing how long it takes to fix this. I run Mozilla Nightlies, so I'll be testing it out when it is released.

[zeugma]

I just checked out Bugzilla's note about this. It would appear that it's a presentation "bug" in that if your dialog window is not big enough, the entire URL may not be shown. See bold text below. Workaround, is to expand (or maximize) the dialog box so that you can see the entire URL of the download.

To go along with the download box spoof reported in bug SA12712 Jakob Balle submits a demonstration to make the download dialog more convincing by obscuring the software source. The demo takes advantage of the default length truncation (similar to truncation of the filename in bug 258601). While the dialog /can/ be resized to see the whole url, most people won't think to do that or even know it's possible.

[b4its2late]

I figured. I just wanted to give you laugh, and you got a grin, so I was close... LOL!