Full Disclosure mailing list archives

Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

From: "avivra" <avivra () gmail com>
Date: Thu, 3 Jan 2008 08:12:06 +0200

Summary
Mozilla Firefox allows spoofing the information presented in the basic
authentication dialog box. This can allow an attacker to conduct phishing
attacks, by tricking the user to believe that the authentication dialog box
is from a trusted website.

Affected versions
Mozilla Firefox v2.0.0.11. 
Prior versions and other Mozilla products may also be affected.

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthen
tication.aspx


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra (Jan 02)
- Re: Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication Michal Zalewski (Jan 03)
  - Re: Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra (Jan 03)