LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Password-Phishing hole in Iceweasel, Firefox, Mozilla
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-22-2006, 05:49 PM   #1
craigevil
Senior Member
 
Registered: Apr 2005
Location: Heaven
Distribution: Debian Sid/RPIOS
Posts: 4,917
Blog Entries: 29

Rep: Reputation: 541Reputation: 541Reputation: 541Reputation: 541Reputation: 541Reputation: 541
Password-Phishing hole in Iceweasel, Firefox, Mozilla

Huge password-phishing hole in the mozilla family. The demo works "great" here with iceweasel and mozilla:
http://www.heise-security.co.uk/serv...password=test#

First exploits are reported from myspace.com

More here:
http://www.heise-security.co.uk/news/81419
 
Old 11-23-2006, 04:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,417
Blog Entries: 55

Rep: Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627Reputation: 3627
Good one. Didn't work for me since JS wasn't enabled for the site (FF-1.5.0.7+Noscript+Privoxy) but the site clearly states disabling JS doesn't mean it's not vulnerable. Reading https://bugzilla.mozilla.org/show_bug.cgi?id=360493 gives more examples (also it seems this got reported aprox ten days ago). FF devs appear (IMHO) to be more concerned with fscking up their UI / release schedule than fixing this in the next release.
 
Old 11-23-2006, 08:44 AM   #3
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Bugzilla thread says works with Internet Explorer too. Looks like Opera is only browser with a secure default behavior.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Some Nice Artwork for the Debian Fork of Firefox, IceWeasel rickh Debian 7 10-17-2006 01:08 PM
Firefox issues solved with Gnuzilla and IceWeasel craigevil Debian 2 10-03-2006 01:42 AM
LXer: Mozilla browser gets anti-phishing toolbar LXer Syndicated Linux News 0 12-15-2005 02:31 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 05:52 PM
LXer: Firefox 1.5 hole a minor problem claims Mozilla LXer Syndicated Linux News 0 12-09-2005 02:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:52 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration