[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87hctehr8x.fsf@mid.deneb.enyo.de>
Date: Thu, 22 Feb 2007 21:27:58 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: Michal Zalewski <lcamtuf@...ne.ids.pl>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox: about:blank is phisher's best friend
* Michal Zalewski:
> Similarly, he could spoof a native browser-originating modal warning or
> dialog to have the user do something dumb. This problem was addressed by
> forcibly prepending current site name to window title for all URL-bar-less
> windows, so that the Internet origin of such a pop-up is clear, and so
> that it will have a hard time mimicking a native window.
This is the first time I read about the forced window title change. I
hadn't noticed it earlier. Do you think this is a good enough
security indicator (or indicator of origin, to be more precise)?
Powered by blists - more mailing lists