FLAW in FIREFOX leaves it wide open for phishing scams :(

[VIPER_1069]

source Secunia Research


FLAW IN FIREFOX open to phishers

A security flaw in the increasingly popular Firefox browser is exposing millions of users to phishing scams, security experts have warned.
Jakob Balle, security specialist at Secunia Research, said that the vulnerability in Firefox and Mozilla allows malicious hackers to execute phishing scams by spoofing the source URL displayed in the browser's Download Dialog box.
"The problem is that long sub-domains and paths are not displayed correctly, which can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box," he said.
A Secunia Research advisory stated that the "less critical" vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. It added that "other versions may also be affected".
"Currently, no solution is available. However, the vendor reports that this vulnerability will be fixed in upcoming versions of the affected products," Secunia stated.
Balle urged users not to follow download links from untrusted sources

 

[serjer]

damn ,but thx 4 heads up m8

 

[VIPER_1069]

no worries serjer mate ...even tho im not a user of it i will still always provide vital information

 

[roadworker]

Seems that the security experts of Secunia Research neve heard of the spoofstick extension .....
A very convieniant way to check url's.....

 

[scarecrow]

Seems that the security experts of Secunia Research neve heard of the spoofstick extension .....
A very convieniant way to check url's.....

Even if they did, they are supposed to scrutinize the vanilla browser and not a tweaked one.