Bugtraq mailing list archives
Re: Fwd: New possible scam method : forged websites using XUL (Firefox)
From: Justin Polazzo <jo () ojjo net>
Date: 2 Aug 2004 13:15:49 -0000
In-Reply-To: <20040730210508.GT19188 () securityfocus com>

"The security implications of this trick were considered as early as 1999 in Mozilla Bug 22183 (http://bugzilla.mozilla.org/show_bug.cgi?id=22183). However, the Mozilla Foundation has kept the Bug confidential until recently, when a researcher noted the problem and published a particularly-effective demonstration, spoofing a "PayPal" login site (see http://www.nd.edu/~jsmith30/xul/test/spoof.html)."

5 Years to fix a vuln? I am not sure if even Microsoft has been that slow to confront a security flaw. Has anyone heard an explanation as to why this was kept confidential and swept under the rug until now?

BTW: Thank you Mr. Smith for an excellent page.

Jo