Free Republic

Firefox flaw raises phishing fears
ZDNET | 1/7/2005 | Ingrid Marson

Posted on 01/07/2005 3:06:33 PM PST by KwasiOwusu

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

(Excerpt) Read more at news.zdnet.com ...


TOPICS: Technical
KEYWORDS: browsers; computersecurity; firefox; intertexplorer; kneepads; littleprecious; lowqualitycrap; microsoft; paidshill; redmondpayroll; trollfromredmond
So much for the much touted "security" of Firefox. :)
Isn't life just wonderful?

SHADENFREUD.
1 posted on 01/07/2005 3:06:34 PM PST by KwasiOwusu
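
The display problem the excerpt describes, shown from the defender's side as an added example that is not part of the original post or of Firefox's code: a fixed-width source label that cuts the end of a URL hides the host that actually serves the file, while one that elides from the left keeps it visible. The function names and hostnames are constructed, and keeping the last two labels is an assumed stand-in for a registrable-domain lookup.

```javascript
// Illustration only: function names and hostnames are constructed for this example.
const ELLIPSIS = "...";

// Naive dialog label: keep the start of the URL, cut whatever does not fit.
function naiveLabel(url, width) {
  if (url.length <= width) return url;
  return url.slice(0, width - ELLIPSIS.length) + ELLIPSIS;
}

// Safer label: show scheme and host only, and when the host is too long
// elide labels from the LEFT so the right-most labels stay visible.
// Assumption: the last two labels stand in for the registrable domain;
// a real browser would consult the Public Suffix List instead.
function sourceLabel(url, width) {
  const { protocol, hostname } = new URL(url);
  const prefix = protocol + "//";
  if ((prefix + hostname).length <= width) return prefix + hostname;
  const labels = hostname.split(".");
  let kept = labels.splice(-2).join(".");
  while (labels.length > 0) {
    const next = labels[labels.length - 1] + "." + kept;
    if ((prefix + ELLIPSIS + next).length > width) break;
    kept = next;
    labels.pop();
  }
  return prefix + ELLIPSIS + kept;
}

// Constructed sample: a familiar-looking name used as a sub-domain of another host.
const SAMPLE =
  "http://downloads.trusted-vendor.example." + "x".repeat(40) +
  ".other-host.test/files/setup.exe";

// Print both renderings of the same URL in a 45-character field.
console.log(naiveLabel(SAMPLE, 45));
console.log(sourceLabel(SAMPLE, 45));
```
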

To: KwasiOwusu
Yup, just have to use Firefox to access a web based e-mail system that a) doesn't watch for scams, and b) ignore the text on the status line that tells you where you're downloading from.

Why anyone would go to that effort when you just have to create a bogus link for Microsoft IE users, I don't know.
2 posted on 01/07/2005 3:09:04 PM PST by kingu (Which would you bet on? Iraq and Afghanistan? Or Haiti and Kosovo?)

To: KwasiOwusu
More FUD.

Welcome to FreeRepublic.

/john

3 posted on 01/07/2005 3:09:42 PM PST by JRandomFreeper (D@mit! I'm just a cook. Don't make me come over there and prove it!)

To: KwasiOwusu

Already posted.


4 posted on 01/07/2005 3:09:59 PM PST by Clara Lou (Hillary Clinton: "We're going to take things away from you on behalf of the common good.")

To: KwasiOwusu

"So much for the much touted "security" of Firefox. :)
Isn't life just wonderful?"

[To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.]

Ooooh, that's some scary security flaw compared to the lolapaloozers in I.E.
I sure know I for one am always clicking on download links in untrusted emails I get through Firefox. Happens every day.


5 posted on 01/07/2005 3:10:32 PM PST by FastCoyote

To: KwasiOwusu
Everyone talks about how bad Microsoft is and how "safe" other browsers are, LOL. Now that foxfire is becoming a bigger target just watch the security problems start.
6 posted on 01/07/2005 3:11:24 PM PST by postaldave (ACLU = Anti-Christian, Liberal, and Un-American.)

To: KwasiOwusu
To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail...

And right there is the origin of the vulnerability!

NEVER EVER CLICK A LINK OR HOT BUTTON IN AN EMAIL!

Even an email you're sure came from a friend. Always use your own bookmarks, or type in the link on the URL bar at the top.

7 posted on 01/07/2005 3:13:23 PM PST by Siegfried (Firefox ROCKS on Slackware!)

To: KwasiOwusu

In my office we had 8 computer terminals on IE and 3 on Firefox. Because of the persistent problems that plagued IE, we have switched all browsers to Firefox. We have not had 1 problem in 8 months. Before we had to get all IE computers cleaned every 4 wks. So... good luck.


8 posted on 01/07/2005 3:13:47 PM PST by mlbford2 ("Never wrestle with a pig; you can't win, you just get filthy, and the pig loves it...")

To: KwasiOwusu
I use both, but I prefer Firefox 1.0+ (pre-release install of the next version).

Without a doubt, Internet Explorer with its Active X access is extremely dangerous. For those who do not understand, Active X is a set of routines that virtually allows full control of the Windows operating system (Microsoft made this to reduce download/upload transmission time for more complicated web-based applications). Active X and .NET share distant similarities, but Active X is the bigger threat.

IE should be relegated for occasional use only.
9 posted on 01/07/2005 3:18:02 PM PST by ScottM1968

To: Clara Lou
"Already posted"

Apologies.
Just couldn't resist getting the Firefox evangelists' backs up.
Temptation to wind them up just proved too much.
I really am enjoying myself hugely, after all the ribbing that Microsoft supporters have taken from the Firefox fanatics over the past few months. :)
10 posted on 01/07/2005 3:20:23 PM PST by KwasiOwusu

To: postaldave
"Everyone talks about how bad Microsoft is and how "safe" other browsers are, LOL. Now that foxfire is becoming a bigger target just watch the security problems start."

It's already started.
And it's going to get worse.
Much, much worse.
Welcome to Firefox HELL!
So why am I smiling broadly?
11 posted on 01/07/2005 3:23:22 PM PST by KwasiOwusu

To: KwasiOwusu
SHADENFREUD (sic)

Just how old are you, Little Precious?

12 posted on 01/07/2005 3:24:00 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: KwasiOwusu
Pretty much the only people that you are going to scare are the people who haven't yet switched. I'm not scared because I have quite a few months experience with Firefox and several years with IE6. I have my own experience to judge your statements by.

Personally, I could care less if everybody but me uses IE6. But you certainly won't see me using it again.
13 posted on 01/07/2005 3:24:44 PM PST by Arkinsaw

To: KwasiOwusu

They'll create a fix for it since Firefox's code is open source. Anyway, it's one bug compared to the thousands documented in Internet Explorer - which is based on a proprietary, closed source software code - and Microsoft hasn't even pledged to make its browser more secure.


14 posted on 01/07/2005 3:27:49 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: JoJo Gunn
"Just how old are you, Little Precious?"

Oh no.
Not that same old BS again.

As for all this talk of "Precious"..um... you wouldn't be the guy in this story now would you?

http://www.freerepublic.com/focus/f-news/1315894/posts
15 posted on 01/07/2005 3:29:47 PM PST by KwasiOwusu

To: KwasiOwusu
So why am I smiling broadly?

I don't know. But I bet it's not this CERT advisory. I personally would advise everyone to listen to CERT before they listen to Kwasi.

Use a different web browser
There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).


16 posted on 01/07/2005 3:30:35 PM PST by Arkinsaw

To: Arkinsaw

Love Firefox, but I have noticed that certain web pages do not fully load graphics, and flash demos don't work.

Tried to get a straight answer from Mozilla i.e. in terms a lay person could understand, but got no satisfaction.

Any ideas? And, yes, I've uninstalled and reinstalled the latest version of flash.


17 posted on 01/07/2005 3:32:12 PM PST by rube

To: KwasiOwusu

I rest my case.


18 posted on 01/07/2005 3:38:39 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: KwasiOwusu

I guess that makes the ratio about 1000-to-1 Microsoft IE flaws to Firefox flaws...


19 posted on 01/07/2005 3:42:48 PM PST by frog_jerk_2004

To: KwasiOwusu

So what's your beef with Firefox? I'm very satisfied with it.
Use it at home and work, and I don't have the problems that IE users have.


20 posted on 01/07/2005 3:43:38 PM PST by davetex

