Triaging clayton's bug list... Re-assigning this to Mitch Stoltz. Ccing Patrick Beard, David Hyatt, Ben Goodger.
Assignee: clayton → mstoltz
Status: NEW → UNCONFIRMED
Hmm, yes, this problem is hairy. In the brave new Mozilla world, it seems that no piece of screen or window real estate is unspoofable. Should we do like Java and put a warning bar on the bottom of every window created by web scripts? Or is there a more elegant solution?
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → Future
the example given appears to use LAYERs to create lookalike dialogs. I'm sure someone could come up with a pixel perfect look too... this is entirely possible in 4.x, and in Mozilla. There's nothing new or special about this ability, and it seems it'd be impossible to detect or prevent either.
It is/was a waste to put bars of text at the bottom of each web-generated window. The attacker work-around is to use the graphical context to display something that *looks* just like a dialog box on top of the context :-/. Most folks don't try to drag a dialog before typing, so they would have no way to detect this attack. In 4.x this attack was demonstrated *including* support for dragging the "simulated" pop-up dialog, so long as the dragging didn't go "too" far (re: off the graphical context). There is no nice work around given our current approach. The traditional two methods are a) reserved real estate; b) reserved key strokes (example: Win NT uses ctrl-alt-del). We can really support neither. We have always faced this problem. One possible approach is to try to use temporal separation, and have the passwords entered *only* as the app is first coming up, rather than "as needed." Although the spoofing may look a little better with mozilla, this is really a known problem that has been with us a long time.
QA to czhang
QA Contact: czhang
This is awful! Isn't there something that can be done, at least in this specific case? AOL uses a special icon to distinguish its orriginal mail from spoofers. How about a special icon for the control menu (in Windows) or a special "authentic" icon in the status bar of dialogs similar to the lock for SSL. Although this wouldn't fix the case in which an image of the entire dialog is embedded in a page, it'll at least stop hackers from generating false Mozilla dialogs.
No matter how we structure our program, some clever attacker can always write a program that simulates whatever we attempt to keep exclusive to our own program. This is the risk we take in letting our browser run untrusted code. A Java applet can be written that makes it look like your Macintosh has crashed, and naive users will assume that Mozilla caused the crash. On the AOL service, there are many examples where folks send out URLs to fake web pages that use graphics stolen from AOL's official sites, and encourage people to enter their AOL account passwords. I don't know how successful these are, but clearly they work well enough to warrant there continued attempts. How could we prevent those kinds of attacks?
Mass changing QA to ckritzer.
QA Contact: junruh → ckritzer
*** This bug has been marked as a duplicate of 64676 ***
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
We can't prevent spoofing, but we should probably make it harder by putting some sort of notice on the window. That's covered in 64676.
Verified DUPLICATE on: MacOS90 2001-02-13-04-Mtrunk LinRH62 2001-02-13-06-Mtrunk MOZILLA Win98SE 2001-02-13-06-Mtrunk
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.