Firefox flaw raises phishing fears

ZDNET ^ | 1/7/2005 | Ingrid Marson

[KwasiOwusu]

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

[KwasiOwusu]

LAMEOIDFREUD = FIREFOXSUCKSFREUD

[davetex]

Hey Chicken Licker do you not understand the question?

[KwasiOwusu]

"Trust me, Little Precious"

Hey, how is your "little Precious" here
http://www.freerepublic.com/focus/f-news/1315894/posts

doing? :)

[KwasiOwusu]

"Hey Chicken Licker do you not understand the question?"

Hey open source poufter, when you going to take your face out of Eric Raymond's backside, creep?

[Dat Mon]

"LAMEOIDFREUD = FIREFOXSUCKSFREUD"

DOESYOURDADDYKNOWYOURUSINGHISCOMPUTERAGAINFREUD

[davetex]

Very smart answer, too bad the rest of us aren't as all knowing as you are. They let you out of school early today or what?

[KwasiOwusu]

"DOESYOURDADDYKNOWYOURUSINGHISCOMPUTERAGAINFREUD"

Real question is if you even know who YOUR daddy is at all.

[KwasiOwusu]

"Very smart answer, too bad the rest of us aren't as all knowing as you are"

So...
You can hurl out abuse, but you can't take it?

[Pablo64]

Think what you want, but all I can say is that I am absolutely, 100% ecstatic and satisfied with my experience using Firefox (and Thunderbird for email). I have dial-up service and pages are loading faster since I switched and I have not had to clean out scores of little tracking cookies, malware, spyware, and other assorted "crapware". I can't wait to get my mother and father-in-law switched to Firefox on their computer (talk about browser hell, they're running IE on an HP Pavillion with Windows ME!).

One glitch (which will more than likely be remedied way faster than any of the myriad MS glitches) doesn't constitute enough to run out and gloat about. If you're happy with IE, then fine. Some of us expect better.

[Petronski]

Please note the spelling:


Schadenfreude



It's a beautiful word, let's preserve all of its natural wonder.

[Dat Mon]

"Real question is if you even know who YOUR daddy is at all."

Sorry...ad hominem attack.

Indicates lack of creativity, intelligence and sense of humor.

Please try again later...much later.

[Bon mots]

Actually, this is a non-issue really, compared to the swiss cheese that is IE, but nonetheless, there is a patch that I've installed in Firefox... unfortunately, I forgot where I found it.

It displays in large letters where you're downloading from and the URL of the actual site you're visiting. It's kind of redundant if you're web savvy, but it's good for the kids.

[davetex]

Still haven't answered the question, guess you can't. Aligator mouth with a tadpole ass. Seen a hundred of y'all.

[recalcitrant]

"But yeah the open source fanatics sure are ignorant and rabid." --KwasiOwusu

---

Jimrob, bet you were surprised to see you are one of the few and proud, you know... opensource, fanatics...

Is this site still running on an apache 'open source' server, perl and mysql? Are we still on freeBSD or openBSD? You know, all of those evil commie open source programs for ignorant and rabid folks?

How many years you been programming in 'fanatic' programming languages now?

heh heh...
pass me the rabies, please.

[Arkinsaw]

Love Firefox, but I have noticed that certain web pages do not fully load graphics, and flash demos don't work.

What sites are you having problems with?

Firefox certainly will have bugs that affect certain websites, but I would suspect that much of what you are seeing are sites written specifically for IE6. Thats a problem with the website, not Firefox.

I really haven't experienced any problems of this sort, I installed Flash and those sites work fine for me. The only site I really had trouble with was ESPN and Microsoft. I wrote ESPN webmaster and started using SI. ESPN has since fixed their problem and it works fine for me now.

There isn't much you can do about that. But if the sites that are written specifically for IE6 are a problem, I think there is a plugin that will make Firefox mimic certain IE6 behaviors that are not standard. I personally don't want that since I went to Firefox to avoid all that in the first place. But if its a problem, you might try that. I have not used it and don't know exactly how it works, I don't know if it handles ActiveX or not.

Some folks prefer to stay with IE6 and don't mind the problems of having the browser and the operating system so closely entertwined. You may be one of those and thats fine. As long as you have a firewall, anti-virus, have your internet settings set properly, do all your updates, and watch out for security alerts you will probably be fine.

[JoJo Gunn]

(talk about browser hell, they're running IE on an HP Pavillion with Windows ME!).

Watch out now! So am I.

Amazing what a few tweaks/programs and another browser can do. Why spend good money on a Swiss cheese "upgrade" like Big Brother XP?

[KwasiOwusu]

"It's a beautiful word, let's preserve all of its natural wonder"

I am overcome with great sorrow at "not preserving the natural wonder" of that most profound of words.
How on earth do I make up for that horrendous crime? :)

[KwasiOwusu]

""Sorry...ad hominem attack.
Indicates lack of creativity, intelligence and sense of humor"

You started the ad hominem attacks.
You got the same thing back.
The "lack of creativity, intelligence and sense of humor" is on your side.

[Petronski]

How on earth do I make up for that horrendous crime?

Burn 1000 copies of Knoppix and hand them out at your local mall. LOL

[Dat Mon]

"You started the ad hominem attacks.
You got the same thing back."

Ill just crawl off, lick my wounds, and reboot Windows 2000.