Closed
Bug 277503
Opened 20 years ago
Closed 20 years ago
phishing vulnerability discovered
Categories
(Firefox Build System :: General, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 275417
People
(Reporter: kennethj, Assigned: bryner)
Details
Firefox phishing vulnerability discovered
06.01.2005 17:44:11
Ingrid Marson
ZDNet UK
January 05, 2005, 15:30 GMT
A newly discovered flaw in Firefox could allow cybercriminals to take advantage
of Web surfers
A vulnerability in Firefox could make users of the open source browser more
likely to fall for phishing scams.
The flaw in Mozilla Firefox 1.0, details of which were published by Secunia on
Tuesday, allows malicious hackers to spoof the URL in the download dialog box
which pops up when a Firefox user tries to download an item from a Web site.
This flaw is caused by the dialog box incorrectly displaying long sub-domains
and paths, which can be exploited to conceal the actual source of the download.
Mikko Hyppönen, director of antivirus research at F-Secure, said this bug could
make Firefox users vulnerable to cybercriminals. "The most likely way we could
see this exploited would be in phishing scams," said Hyppönen.
To fall victim to such a scam, a Firefox user would have to click on a link in
an email that pointed to a spoofed Web site and then download malware from the
site, which would appear to be downloaded from a legitimate site.
This flaw was given a severity rating of two out of a possible five by Secunia.
David Emm, a senior technology consultant at antivirus company Kaspersky Labs,
said it is unlikely that phishers will take advantage of this exploit in Firefox
because Microsoft's Internet Explorer still dominates the browser market.
"I think it's unlikely that we'll see hackers rush to exploit this
vulnerability," said Emm. "After all, Firefox has a much, much smaller install
base than IE and it's likely that hackers will continue to pay more attention to
[IE] instead."
This may change in the future as Firefox has attracted a lot of interest in the
past few months. A survey at the end of November found that Mozilla-based
browsers, including Firefox, accounted for 7.4 percent of browsers in November
2004, up 5 percent from May.
The download vulnerability has been confirmed in Mozilla 1.7.3 for Linux,
Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. No solution is available at
present, but Mozilla developers plan to fix this bug in an upcoming version of
the product.
Comment 1•20 years ago
If you read it in the press there's no point in marking it confidential.
*** This bug has been marked as a duplicate of 275417 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
Group: security
Updated•20 years ago
Status: RESOLVED → VERIFIED
Updated•6 years ago
Component: Build Config → General
Product: Firefox → Firefox Build System