| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2004 20:15:20 +0100 From: "Marc" <md@...ensa.com> To: <bugtraq@...urityfocus.com> Subject: Re: New possible scam method : forged websites using XUL (Firefox) 'Tis true - the "Hide the status bar" is unchecked....and checking it DOES allow the status bar to be hidden on the spoof site. The "Hide the status bar" option is unchecked with a *default* installation of Firefox 0.9.2. Marc. ----- Original Message ----- From: "Nicholas Knight" <nknight@...awaynet.com> To: <bugtraq@...urityfocus.com> Sent: Sunday, August 01, 2004 8:43 PM Subject: Re: New possible scam method : forged websites using XUL (Firefox) > Marc wrote: > > > The latest version of Firefox is 0.9.2. > > > > > >>The developers of Mozilla are currently looking into various > >>methods to make a fake user interface more obvious. The most > >>likely solution will be to force the status bar to always be > >>visible, as Microsoft will do with IE6 SP2. > > > > > > This appears to be the case with 0.9.2. > > Tools -> Options -> Web Features -> Advanced button by Java/Javascript > check boxes. I'll bet you have "Hide the status bar" unchecked. > > This caught me for a moment, too, then I remembered I always disable > everything in the Advanced JavaScript Options box, and that's one of > them. So users actually have a defence right now, but they have to > specifically set it themselves. >
Powered by blists - more mailing lists