Bugtraq mailing list archives
Re: New possible scam method : forged websites using XUL (Firefox)
From: "Marc" <md () nomensa com>
Date: Sat, 31 Jul 2004 12:15:46 +0100
The latest version of Firefox is 0.9.2.
The developers of Mozilla are currently looking into various methods to make a fake user interface more obvious. The most likely solution will be to force the status bar to always be visible, as Microsoft will do with IE6 SP2.
This appears to be the case with 0.9.2. The spoofed PayPal site (from http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's status bar - so you get 2 status bars displayed. Even so, the site is incredibly convincing, and I suspect the average user would be understandably fooled.

Since the CERT recommendation, Mozilla browsers are gaining ground. Firefox is now the browser of choice throughout the company I work for. I suspect the best defence will be to block all xul on the proxy.

Marc Deglos.

----- Original Message -----
From: "David Ahmad" <da () securityfocus com>
To: <bugtraq () securityfocus com>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)
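The proxy-side block suggested in the message above, as an added example (not part of the original post and not Mozilla or proxy-vendor code): a decision function that a filtering proxy's response hook could call. The function names, the sample URLs and the extra XML namespace check are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

XUL_MIME = "application/vnd.mozilla.xul+xml"  # MIME type Mozilla registers for XUL
XUL_NS = b"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
XML_TYPES = {"text/xml", "application/xml", "application/xhtml+xml"}


def media_type(headers):
    """Lower-cased media type without parameters; header names are case-insensitive."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def xul_block_reason(url, headers, body_prefix=b""):
    """Return why a response should be refused by the proxy, or None to let it pass."""
    mtype = media_type(headers)
    if mtype == XUL_MIME:
        return "content-type"
    # Catch XUL files served with a generic or missing type.
    path = unquote(urlsplit(url).path).lower()
    if path.endswith(".xul"):
        return "extension"
    # Assumption of this example: also refuse XML documents that declare
    # the XUL namespace in the first bytes the proxy has buffered.
    if mtype in XML_TYPES and XUL_NS in body_prefix:
        return "namespace"
    return None


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://site.example/ui/login.xul",
     {"Content-Type": "application/vnd.mozilla.xul+xml; charset=UTF-8"}, b""),
    ("http://site.example/ui/Window.XUL?skin=1",
     {"content-type": "text/plain"}, b""),
    ("http://site.example/page.xml",
     {"Content-Type": "application/xml"},
     b'<window xmlns="' + XUL_NS + b'">'),
    ("http://site.example/index.html",
     {"Content-Type": "text/html"}, b"<html>"),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(url, "->", xul_block_reason(url, headers, body) or "allow")
```

Internal applications that legitimately serve XUL need an explicit allow list in front of this check.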