LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Password-Phishing hole in Iceweasel, Firefox, Mozilla
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 11-22-2006, 05:49 PM   #1
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,455
Blog Entries: 11

Rep: Reputation: 389Reputation: 389Reputation: 389Reputation: 389
Password-Phishing hole in Iceweasel, Firefox, Mozilla

Huge password-phishing hole in the mozilla family. The demo works "great" here with iceweasel and mozilla:
http://www.heise-security.co.uk/serv...password=test#

First exploits are reported from myspace.com

More here:
http://www.heise-security.co.uk/news/81419
 
Old 11-23-2006, 04:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 21,610
Blog Entries: 47

Rep: Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413
Good one. Didn't work for me since JS wasn't enabled for the site (FF-1.5.0.7+Noscript+Privoxy) but the site clearly states disabling JS doesn't mean it's not vulnerable. Reading https://bugzilla.mozilla.org/show_bug.cgi?id=360493 gives more examples (also it seems this got reported aprox ten days ago). FF devs appear (IMHO) to be more concerned with fscking up their UI / release schedule than fixing this in the next release.
 
Old 11-23-2006, 08:44 AM   #3
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Bugzilla thread says works with Internet Explorer too. Looks like Opera is only browser with a secure default behavior.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Some Nice Artwork for the Debian Fork of Firefox, IceWeasel rickh Debian 7 10-17-2006 01:08 PM
Firefox issues solved with Gnuzilla and IceWeasel craigevil Debian 2 10-03-2006 01:42 AM
LXer: Mozilla browser gets anti-phishing toolbar LXer Syndicated Linux News 0 12-15-2005 02:31 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 05:52 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 02:34 PM


All times are GMT -5. The time now is 04:34 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration