Re: New possible scam method : forged websites using XUL (Firefox)

["Marc" <md () nomensa com>]

The latest version of Firefox is 0.9.2.

> The developers of Mozilla are currently looking into various
> methods to make a fake user interface more obvious.  The most
> likely solution will be to force the status bar to always be
> visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2.
The spoofed PayPal site (from
http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's
status bar - so you get 2 status bars displayed.

Even so, the site is incredibly convincing, and I suspect the average user
would be understandably fooled.

Since the CERT recommendation, Mozilla browsers are gaining ground.  Firefox
is now the browser of choice throughout the company I work for.

I suspect the best defence will be to block all xul on the proxy.

Marc Deglos.


----- Original Message -----
From: "David Ahmad" <da () securityfocus com>
To: <bugtraq () securityfocus com>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)