new Firefox vulnerability [Archive] - Yamaha Forum : Your Yamaha Motor Products Community & Resource



shagzomatic
01-04-2008, 08:31 AM
from /. (http://it.slashdot.org/article.pl?sid=08/01/04/146213):

Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password (http://www.pcworld.com/article/id,140997-pg,1/article.html). According to Mr. Raff, Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11, and until Mozilla fixes this vulnerability, Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.'
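
An added example, not part of the original post or the quoted article: a proxy-side or log-review check that flags `WWW-Authenticate` realm values containing the quote and spacing characters described above, or naming a host other than the one that sent the response. The function names, the heuristics and the sample headers are assumptions made up for this illustration.

```python
import re

# realm="..." as an HTTP quoted-string (backslash escapes allowed).
_REALM_RE = re.compile(r'realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
# Anything inside the realm text that looks like a hostname.
_HOST_RE = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.IGNORECASE)


def extract_realm(www_authenticate):
    """Return the unescaped realm string, or None if the header has none."""
    m = _REALM_RE.search(www_authenticate)
    if m is None:
        return None
    return re.sub(r'\\(.)', r'\1', m.group(1))


def realm_findings(request_host, www_authenticate):
    """List reasons the realm could mislead a user reading the auth dialog."""
    realm = extract_realm(www_authenticate)
    if realm is None:
        return []
    findings = []
    if "'" in realm or '"' in realm:
        findings.append("quote character in realm")
    if re.search(r'\s{2,}', realm) or realm != realm.strip():
        findings.append("padding whitespace in realm")
    host = request_host.lower().split(":")[0]  # drop any port
    for named in _HOST_RE.findall(realm):
        named = named.lower()
        # A realm may name its own host or a parent domain of it.
        if named != host and not host.endswith("." + named):
            findings.append("realm names other host: " + named)
    return findings


# Constructed samples (responding host, header value); not captured traffic.
SAMPLES = [
    ("intranet.example.org", 'Basic realm="Staff wiki"'),
    ("files.example.net", 'Basic realm="\'bank.example.com\'   secure login"'),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        print(host, "->", realm_findings(host, header) or "ok")
```
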

KWComp
01-04-2008, 09:29 AM
Wow... Can this spoof be avoided by making sure you directly type in the URL to where you are logging into though, as opposed to following a link there?

shagzomatic
01-04-2008, 09:36 AM
Just pay close attention to where you are, and what your address bar says. Don't just blindly start entering password info when websites ask for it.

gcain
01-04-2008, 02:44 PM
Is it just me or is this one of the stupidest exploits around?

If the URL reads www.somesite.com and the realm is DifferentSite, chances are something isn't right.

This is in the same league as the 'eBay' emails I received asking me to click on www.ebay.com.nigeriahackers.com/blahblah and verify my info.


Like the post above says, if the users just "read" what was on the screen instead of blindly clicking and accepting, 99% of issues would never occur.

R1Lover
01-04-2008, 03:07 PM
Is it just me or is this one of the stupidest exploits around?

If the URL reads www.somesite.com (http://www.somesite.com) and the realm is DifferentSite, chances are something isn't right.

This is in the same league as the 'eBay' emails I received asking me to click on www.ebay.com.nigeriahackers.com/blahblah (http://www.ebay.com.nigeriahackers.com/blahblah) and verify my info.


Like the post above says, if the users just "read" what was on the screen instead of blindly clicking and accepting, 99% of issues would never occur.


:bow It IS that simple..... but some people are amazingly stupid.... lol

shagzomatic
01-04-2008, 03:50 PM
:bow It IS that simple..... but some people are amazingly stupid.... lol

:+1

You wouldn't believe how many people just click without reading. It's disgusting.

fjorn
01-04-2008, 06:54 PM
You wouldn't believe how many people just respond to the last post without ever reading the entire thread. :mock

valerossi
01-04-2008, 07:14 PM
Please enter your password in the next post, thank you.

:)

Junior
01-04-2008, 08:52 PM
:bow It IS that simple..... but some people are amazingly stupid.... lol

amen to that.

Anything to do with finances, don't EVER click a bloody link from an email or an outside website. TYPE the URL in, period.

Please enter your password in the next post, thank you.

Valesbasementmegagay :badteeth

!Ron
01-05-2008, 06:29 AM
Please enter your password in the next post, thank you.

:)

User ID: !Ron
PW: Ihavea10inpenor

Bogie
01-05-2008, 06:50 AM
User ID: !Ron
PW: Ihavea10inpenor


BS!!! :lmao