Closed Bug 465533 Opened 16 years ago Closed 16 years ago

Alert dialog masquerades as OS dialog, allows phishing

Categories

(Firefox :: Security, defect)

3.0 Branch
x86
Windows XP
defect
Not set
normal

RESOLVED DUPLICATE of bug 402401

People

(Reporter: johnjbarton, Unassigned)

Details

Attachments

(1 file)

Please see the attached image, a copy of a Firefox alert dialog. 

A link on a legitimate site (Firebug google groups) 
http://groups.google.com/group/firebug/browse_thread/thread/e12455fd30a06944
*sometimes* results in an apparent Firefox crash:
  1) The browser vanishes,
  2) the attached dialog box appears,
  3) the site wants to install software on your machine "Recommended" apparently by Firefox or OS.

In fact the site has reduced the size of Firefox and covered it with the alert dialog.

This attack could be reduced by forcing the style of the common dialog alert box to be consistent with Firefox:
  1) The window icon should be the Firefox window icon,
  2) the navigation tool bar should be forced present (read-only is ok).

I think it should also be required that the alert be positioned within the page boundary, e.g. a small window would not allow an alert. (That would make the change above unnecessary.)

The problem is already described in bug 402401; please copy your suggested solutions there if you think my suggested solution of fixing bug 454779 isn't enough.

Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE