[pchelpers] News:Monday blues: Firefox phishing flaw; Microsoft's anti-phishing patent
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Tue, 20 Feb 2007 08:05:57 +1300
Posted by Ryan Naraine @ 7:07 am
It's been a tough week for Firefox on the security front.
Just days after unpatched cookie manipulation and data hijack bugs are
flagged in the open-source browser, a security researcher is warning
that Firefox suffers from a design flaw that puts casual surfers at risk
of phishing attacks.
Here are three demos of the vulnerability, which was publicly disclosed
by Polish hacker Michal Zalewski. The weakness is confirmed in Firefox
2.0.0.1.
In the tests, Zalewski shows how it is possible for a script to open an
'about:blank' URL in a new tab with a blank address bar. The script can
then interact with this document as if it were a page in the same
domain, including the ability to inject custom HTML.
More here:
http://blogs.zdnet.com/security/?p=42
Demos:
http://lcamtuf.coredump.cx/ffblank/
Cookie manipulation and hijack data bugs:
http://blogs.zdnet.com/security/?p=37
--
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.