RE: New possible scam method : forged websites using XUL (Firefox)

["Thomas T. Evans, III" <ttevans () hawkcorp net>]

I have added SpoofStick (http://www.corestreet.com/spoofstick/) to both IE
and Firefox. With the Firefox spoof shown on the cited page, SpoofStick gets
moved and shows blank for "You're On". Not an outstanding warning, but
useful if you are watching.


Thomas T. Evans, III CCNA
Senior Network Manager
Hawk Corporation
ttevans () hawkcorp net
216-267-7787 Ext. 500
Cell: 440-669-2526
Fax: 917-464-7241
President, MFG/Pro Midwest User Group

"The difference between genius and stupidity is that genius has limits"
--Albert Einstein
 



-----Original Message-----
From: Marc [mailto:md () nomensa com] 
Sent: Saturday, July 31, 2004 7:16 AM
To: bugtraq () securityfocus com
Subject: Re: New possible scam method : forged websites using XUL (Firefox)

The latest version of Firefox is 0.9.2.

> The developers of Mozilla are currently looking into various
> methods to make a fake user interface more obvious.  The most
> likely solution will be to force the status bar to always be
> visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2.
The spoofed PayPal site (from
http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's
status bar - so you get 2 status bars displayed.

Even so, the site is incredibly convincing, and I suspect the average user
would be understandably fooled.

Since the CERT recommendation, Mozilla browsers are gaining ground.  Firefox
is now the browser of choice throughout the company I work for.

I suspect the best defence will be to block all xul on the proxy.

Marc Deglos.


----- Original Message -----
From: "David Ahmad" <da () securityfocus com>
To: <bugtraq () securityfocus com>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)