 |  |  |  |  |
Firefox Spoofing Bug Puts Passwords At Risk
| |||||||||
|
Firefox Spoofing Bug Puts Passwords At Risk
| | |||||||
 |
 |
| | Thread Tools |
4th January 2008, 17:25
| #1 |
| Madshrimp  Join Date: May 2002 Location: 7090/Belgium
Posts: 79,021
 |  Firefox Spoofing Bug Puts Passwords At Risk Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.' http://www.pcworld.com/article/id,14...1/article.html
__________________  |
|  |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Firefox master password recovery tool | jmke | WebNews | 0 | 2nd September 2009 11:40 |
| Time to check your WPA/WPA2 WLAN Passwords | jmke | WebNews | 0 | 17th January 2009 13:49 |
| Next Firefox 3.1 Beta Date Announced | jmke | WebNews | 0 | 5th August 2008 21:25 |
| IE flaw puts Windows XP SP2 at risk | Sidney | WebNews | 3 | 6th February 2007 17:25 |
| Bug fixes lead to Firefox 2 RC3 | jmke | WebNews | 0 | 18th October 2006 07:51 |
| Firefox 1.0.2 Released | jmke | WebNews | 1 | 17th April 2005 21:16 |
| Mozilla and Firefox flaws exposed | jmke | WebNews | 0 | 7th January 2005 13:12 |
| Thread Tools | |
| |
