Yet another browser vulnerability

S

scarecrow

1
Taken from www.mozillazine.org

The latest nightly builds of Mozilla feature a fix for the URL spoofing security vulnerability discovered in several browsers last month. A patch was checked in to the trunk and 1.6 branch yesterday, meaning that both the forthcoming Mozilla 1.6 and Mozilla Firebird 0.8 will be immune to the flaw.

In vulnerable versions of Mozilla, the address displayed in the Status Bar while hovering over a link is truncated if the characters %00 are present in the URL of the destination page. An attacker could exploit this to make a link that goes to http://www.microsoft.com@evilscam.net (real location evilscam.net) but appears in the Status Bar as simply http://www.microsoft.com. By fooling a user into believing that he or she is visiting a trusted site, an attacker could trick him or her into revealing sensitive information such as credit card details.

The flaw was originally detected in Microsoft Internet Explorer before also being spotted in Mozilla. The IE variant is more serious, however, as it affects not only the URL displayed in the Status Bar but also the URL shown Address Bar after following a spoofed link. At the time of writing, Microsoft has acknowledged the problem but not yet issued a patch.

Full technical details of the fix are in bug 228176 ( http://bugzilla.mozilla.org/show_bug.cgi?id=228176 ). The Secunia Internet Explorer Address Bar Spoofing Test page ( http://www.secunia.com/internet_explorer_address_bar_spoofing_test )allows browser users to check whether their software is vulnerable.
 
Last edited:
VIPER_1069

VIPER_1069

1
I EXPLORER fails miserably as ever lol :(

OPERA 7.20 PASSED no problems with OPERA 7.20 :)

whooooot microsoft I.E. sux anyhow yeah i knowa lot of you dislike OPERA but hey in this case it passed this test :)

result just shows the address being spoofed in the address bar and goes no where :)
 
L

LTR12101B

1
Beware of the so-called "fix" that looks like it might be a bigger worry than the original problem.

http://asia.cnet.com/newstech/security/0,39001150,39161990,00.htm

This supposed "patch" sends URLS via their server for correction
- It looks like they may have revised this, but there is still a major trust issue.

Proxomitron filters may be a better way of dealing with this in unpatched IE, or moving to Mozilla Trunk or 1.6 when released, as this is now clear of the vulnerability - even on Win9x platforms where there will be NO IE update.
 
PC-GUY

PC-GUY

1
VIPER_1069 said:
I EXPLORER fails miserably as ever lol :(

OPERA 7.20 PASSED no problems with OPERA 7.20 :)

whooooot microsoft I.E. sux anyhow yeah i knowa lot of you dislike OPERA but hey in this case it passed this test :)

result just shows the address being spoofed in the address bar and goes no where :)
Click to expand...
IE suxs it definitely failed but mozilla not perfect either. It gave me and address of http://www.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/
which was good but I notice that the status bar showed it as (see pic).
So I guess its better but it needs some help.
But thanks for the heads up. :cool:
 

Attachments

L

LTR12101B

1
Firebird/Mozilla was 50% good before the fix, which is recent ... you probably have half the vulnerability - eg. Address bar correct, but bottom status bar (on link hover) shows wrong - though the status bar is often javascripted to hell anyway!
 
serjer

serjer

1
sounds like u gonna make me d/l a new FB0.7+build or aebrahim latest FB build :D:D
btw anyone on this forum willing 2 make his own FB/TB build & willing 2 share ?:D
 
Last edited:
You must log in or register to reply here.
Top