Mozilla_FireFox_25-07-2004.txt

26 Jul 2004 | Reported by E. Kellinis | Type: packetstorm | Source: packetstormsecurity.com

Firefox allows certificate spoofing via caching exploit leading to phishing risks.

Code
`#########################################  
Application: Firefox  
Vendors: http://www.mozilla.com  
Version: 0.9.1 / 0.9.2  
Platforms: Windows  
Bug: Certificate Spoofing (Phishing)  
Risk: High  
Exploitation: Remote with browser  
Date: 25 July 2004  
Author: Emmanouel Kellinis  
e-mail: me@cipher(dot)org(dot)uk  
web: http://www.cipher.org.uk  
List : BugTraq(SecurityFocus)  
ID: securityfocus.com/bid/10248/  
#########################################  
  
  
=======  
Product  
=======  
A popular Web browser, a good alternative to IE and  
"The web browser" for Linux machines,  
used to view pages on the World Wide Web.  
  
===  
Bug  
===  
  
Firefox has a caching problem; as a result, someone can  
spoof the certificate of any website and use it as his/her own.  
The problem is exploited using onunload inside <body> and  
redirection using the Http-equiv Refresh metatag, document.write()  
and document.close().  
  
First you point the redirection metatag at the website  
whose certificate you want to spoof, then inside  
the <body> tag you add an onunload script so you can control  
the output inside the webpage with the spoofed certificate.  
  
After that you tell Firefox, as soon as it unloads this page, to  
close the stream; apparently the stream you close is  
the one of the redirection's website. You do that with  
document.close().  
  
Now you can write anything you want; you do that  
using document.write(). After writing the content of your choice  
you close the stream again. Usually Firefox won't display your content,  
although if you check the source code you will see it, so the last thing  
is to refresh the new page (do that using window.location.reload()).  
After that you have your domain name in the URL field, your content  
in the browser and the magic yellow lock in the bottom left corner.  
If you pass your mouse over it you will see displayed the name of  
the website whose certificate you spoofed; if you double click on it you  
can check the full information of the certificate without any warning!  
  
You don't need to have SSL on your website! It will work with  
http.  
  
  
=====================  
Proof Of Concept Code  
=====================  
  
<HTML>  
<HEAD>  
<TITLE>Spoofer</TITLE>  
<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=https://www.example.com">  
</HEAD>  
<BODY   
onunload="  
document.close();  
document.writeln('<body onload=document.close();break;>  
<h3>It is Great to Use Example's Cert!');  
  
document.close();  
window.location.reload();  
">  
</body>  
  
`
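
A defensive check for the page structure this advisory describes, as an added example that is not part of the original advisory: it flags HTML that pairs a meta refresh to an https URL with a body onunload handler calling document.write()/writeln()/close() or location.reload(). The class, function and sample names are constructed for illustration, and the check is a static heuristic for proxy or crawl review, not a fix for the browser bug.

```python
import re
from html.parser import HTMLParser

# Calls the advisory names as the building blocks of the spoof.
REWRITE_CALLS = re.compile(r"document\.(?:writeln?|close)\s*\(|location\.reload\s*\(", re.I)
# "<seconds>;URL=https://..." as used in <meta http-equiv="refresh" content=...>
REFRESH_URL = re.compile(r"^\s*\d+\s*[;,]\s*url\s*=\s*['\"]?(https://[^'\"\s>]+)", re.I)


class UnloadRewriteScanner(HTMLParser):
    """Collects the two traits the advisory combines in a single page."""

    def __init__(self):
        super().__init__()
        self.refresh_target = None  # https URL the page redirects to
        self.unload_calls = []      # document-rewriting calls found in <body onunload>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases tag and attribute names
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.match(a.get("content", ""))
            if m:
                self.refresh_target = m.group(1)
        elif tag == "body" and "onunload" in a:
            found = REWRITE_CALLS.findall(a["onunload"])
            self.unload_calls += [c.lower().rstrip("( \t") for c in found]


def scan(html):
    """Return what was found and whether both traits occur together."""
    p = UnloadRewriteScanner()
    p.feed(html)
    p.close()
    return {
        "refresh_target": p.refresh_target,
        "unload_calls": p.unload_calls,
        "suspicious": bool(p.refresh_target and p.unload_calls),
    }


# Constructed sample pages (not captured traffic).
SAMPLE_BOTH = """<html><head>
<meta http-equiv="refresh" content="0;URL=https://www.example.com">
</head><body onunload="document.close(); document.writeln('x');
document.close(); window.location.reload();"></body></html>"""
SAMPLE_REDIRECT_ONLY = ('<html><head><meta http-equiv="refresh" '
                        'content="5; url=https://www.example.com/new"></head><body>Moved</body></html>')
SAMPLE_UNLOAD_ONLY = '<html><body onunload="saveDraft()">form</body></html>'

if __name__ == "__main__":
    for name in ("SAMPLE_BOTH", "SAMPLE_REDIRECT_ONLY", "SAMPLE_UNLOAD_ONLY"):
        print(name, scan(globals()[name]))
```

A plain redirect or an ordinary onunload handler alone is not flagged; only the combination the advisory relies on is.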

Vulners AI Score: 7.4 (High risk)