| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000e01c476ef$ba5b8d80$1900a8c0@pc1> Date: Sat, 31 Jul 2004 12:15:46 +0100 From: "Marc" <md@...ensa.com> To: <bugtraq@...urityfocus.com> Subject: Re: New possible scam method : forged websites using XUL (Firefox) The latest version of Firefox is 0.9.2. > The developers of Mozilla are currently looking into various > methods to make a fake user interface more obvious. The most > likely solution will be to force the status bar to always be > visible, as Microsoft will do with IE6 SP2. This appears to be the case with 0.9.2. The spoofed PayPal site (from http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's status bar - so you get 2 status bars displayed. Even so, the site is incredibly convincing, and I suspect the average user would be understandably fooled. Since the CERT recommendation, Mozilla browsers are gaining ground. Firefox is now the browser of choice throughout the company I work for. I suspect the best defence will be to block all xul on the proxy. Marc Deglos. ----- Original Message ----- From: "David Ahmad" <da@...urityfocus.com> To: <bugtraq@...urityfocus.com> Sent: Friday, July 30, 2004 10:05 PM Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)
Powered by blists - more mailing lists