Firefox Spoofing Bug Puts Passwords At Risk

jmke · 4th January 2008, 18:25

Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.'

http://www.pcworld.com/article/id,14...1/article.html

4th January 2008, 18:25	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 82,473	Firefox Spoofing Bug Puts Passwords At Risk Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.' http://www.pcworld.com/article/id,14...1/article.html __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Firefox master password recovery tool	jmke	WebNews	0	2nd September 2009 12:40
Time to check your WPA/WPA2 WLAN Passwords	jmke	WebNews	0	17th January 2009 14:49
Next Firefox 3.1 Beta Date Announced	jmke	WebNews	0	5th August 2008 22:25
Firefox 3 - Beta 1 is available.	Mr Robot	Portable Storage, Games, Consoles, Laptops, Phones, Multimedia and Gadget News	0	22nd November 2007 11:18
IE flaw puts Windows XP SP2 at risk	Sidney	WebNews	3	6th February 2007 18:25
INQ: Internet Explorer 7 suffers from Firefox bug too	Mr Robot	Portable Storage, Games, Consoles, Laptops, Phones, Multimedia and Gadget News	0	24th November 2006 08:54
INQ: Firefox gives passwords away	Mr Robot	Portable Storage, Games, Consoles, Laptops, Phones, Multimedia and Gadget News	0	22nd November 2006 14:20
Bug fixes lead to Firefox 2 RC3	jmke	WebNews	0	18th October 2006 08:51
Firefox 1.0.2 Released	jmke	WebNews	1	17th April 2005 22:16
Mozilla and Firefox flaws exposed	jmke	WebNews	0	7th January 2005 14:12