LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-22-2006, 05:49 PM   #1
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,883
Blog Entries: 28

Rep: Reputation: 533Reputation: 533Reputation: 533Reputation: 533Reputation: 533Reputation: 533
Password-Phishing hole in Iceweasel, Firefox, Mozilla


Huge password-phishing hole in the mozilla family. The demo works "great" here with iceweasel and mozilla:
http://www.heise-security.co.uk/serv...password=test#

First exploits are reported from myspace.com

More here:
http://www.heise-security.co.uk/news/81419
 
Old 11-23-2006, 04:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Good one. Didn't work for me since JS wasn't enabled for the site (FF-1.5.0.7+Noscript+Privoxy) but the site clearly states disabling JS doesn't mean it's not vulnerable. Reading https://bugzilla.mozilla.org/show_bug.cgi?id=360493 gives more examples (also it seems this got reported aprox ten days ago). FF devs appear (IMHO) to be more concerned with fscking up their UI / release schedule than fixing this in the next release.
 
Old 11-23-2006, 08:44 AM   #3
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Bugzilla thread says works with Internet Explorer too. Looks like Opera is only browser with a secure default behavior.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Some Nice Artwork for the Debian Fork of Firefox, IceWeasel rickh Debian 7 10-17-2006 01:08 PM
Firefox issues solved with Gnuzilla and IceWeasel craigevil Debian 2 10-03-2006 01:42 AM
LXer: Mozilla browser gets anti-phishing toolbar LXer Syndicated Linux News 0 12-15-2005 02:31 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 05:52 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 02:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration