Bugtraq mailing list archives
Re: Firefox: about:blank is phisher's best friend
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 22 Feb 2007 21:27:58 +0100
* Michal Zalewski:
Similarly, he could spoof a native browser-originating modal warning or dialog to have the user do something dumb. This problem was addressed by forcibly prepending current site name to window title for all URL-bar-less windows, so that the Internet origin of such a pop-up is clear, and so that it will have a hard time mimicking a native window.
This is the first time I read about the forced window title change. I hadn't noticed it earlier. Do you think this is a good enough security indicator (or indicator of origin, to be more precise)?
Current thread:
- Firefox: about:blank is phisher's best friend Michal Zalewski (Feb 16)
- RE: Firefox: about:blank is phisher's best friend Michael Wojcik (Feb 20)
- Re: Firefox: about:blank is phisher's best friend Florian Weimer (Feb 22)
- Re: Firefox: about:blank is phisher's best friend Michal Zalewski (Feb 22)
- <Possible follow-ups>
- Re: Firefox: about:blank is phisher's best friend zonafirefox (Feb 17)
- Re: Firefox: about:blank is phisher's best friend Michal Zalewski (Feb 17)