Closed
Bug 228324
Opened 21 years ago
Closed 21 years ago
Vulnerability in the Mozilla
Categories
(Core :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 228176
People
(Reporter: caio_sm, Assigned: security-bugs)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
An 18-year-old British designer disclosed this week a new technique to take
advantage of an old security flaw in the Internet Explorer (IE) browser, which
can cause headaches for Internet users. Using the described method, users of
the program can be led to visit false sites while believing they are on the
true sites. The flaw happens when DHTML (Dynamic HTML) code causes problems
with the purification of URLs (addresses) in the browser, which allows the
creator of the code to determine which URL will be shown in the address bar of
IE. The malicious URL can be recognized by the presence of the code "%01"
together with the "@" sign, which marks the end of the false address and the
start of the true one. The @ sign is normally used in URLs to indicate the
authentication of users and passwords, in the following format:
http://usuario:senha@dominio/pagina or simply http://usuario@dominio/pagina.
By substituting the address of a site for the user name, it is possible to
create a fairly well-known trick that makes a false page seem legitimate:
http://endereco_falso@endreco_verdadeiro. But the current technique goes a step
beyond, by inserting the code "%01" before the @. This makes the true address
(of the attacker) simply disappear from the browser's address bar, and the user
sees only the address of the site being imitated. According to the VSAntivirus
security site, the flaw only happens in browsers that have the ActiveX feature
enabled. Otherwise, the user will see the malicious URL in the following form:
http://endereco_falso%01@endereco_verdadeiro. I would like to report that I ran
the test made available by Secunia at the site:
http://www.secunia.com/internet_explorer_address_bar_spoofing_test/ and I
found that Mozilla is also vulnerable, in addition to Internet Explorer.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
I would also like to report that I use Slackware Linux 9.1 with kernel 2.4.23
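A defender-side check for the URL pattern described in the report, added here as an example that is not part of the original bug report or of Mozilla's code: it reports the host a link really points to and flags userinfo that carries control characters such as "%01". The function name `audit_url`, the finding labels and the `.example` sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote


def audit_url(url):
    """Return (real_host, findings) for a link before it is shown or followed."""
    parts = urlsplit(url)
    findings = []
    if "@" in parts.netloc:
        # Everything before the last "@" is userinfo, not the destination.
        userinfo = parts.netloc.rsplit("@", 1)[0]
        findings.append("userinfo-present")
        # Decode percent-escapes so "%01" is seen as the control byte it encodes.
        decoded = unquote(userinfo)
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
            findings.append("control-char-in-userinfo")
        # Heuristic (assumption): a dotted user name is dressed up as a host name.
        user = decoded.split(":", 1)[0]
        if "." in user:
            findings.append("userinfo-looks-like-host")
    # hostname is the part after the last "@", lower-cased, without any port.
    return parts.hostname or "", findings


# Constructed sample inputs: three forms quoted in the report plus one
# made-up URL using reserved .example names.
SAMPLES = [
    "http://dominio/pagina",
    "http://usuario:senha@dominio/pagina",
    "http://endereco_falso%01@endereco_verdadeiro",
    "http://www.bank.example%01@other.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = audit_url(sample)
        print(f"{sample}\n  real host: {host}\n  findings:  {findings or 'none'}")
```
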
Comment 1•21 years ago
this sounds like a duplicate of bug 228176.
Comment 2•21 years ago
*** This bug has been marked as a duplicate of 221876 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Comment 3•21 years ago
neil: almost :)
reopening to dupe to the correct bug
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 4•21 years ago
*** This bug has been marked as a duplicate of 228176 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → DUPLICATE
Comment 5•21 years ago
clearing security flag, as the other bugs about this are public and it was
mentioned on the web too
Group: security