1573 matches found
SSL "secure site" indicator spoofing — Mozilla
Various schemes were reported that could cause the "secure site" lock icon to appear and show certificate details for the wrong site. These could be used by phishers to make their spoofs look more legitimate, particularly in windows that hide the address bar showing the true location...
Window Injection Spoofing — Mozilla
A website can inject content into a popup opened by another site if the target name of the popup window is known. An attacker who knows you are going to visit that other site could spoof the contents of the popup...
Image drag and drop executable spoofing — Mozilla
Images dragged and dropped from a webpage to the desktop preserved their original name and extension. If this were an executable extension then the file would be executed rather than opened in a media application...
Unsafe /tmp/plugtmp directory exploitable to erase user's files — Mozilla
A predictable name is used for the plugin temporary directory. A malicious local user could symlink this to the victim's home directory and wait for the victim to run Firefox. When Firefox shuts down the victim's directory would be erased...
HTTP auth prompt tab spoofing — Mozilla
The HTTP authentication prompt appears above the currently open tab regardless of which tab triggered it. A spoofer who could get a user to open a high value target in another tab might be able to capture the user's ID and password. HTTP auth dialogs are visually distinct from the web form logins...
Download dialog spoofing using Content-Disposition header — Mozilla
Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...
Spoofing download and security dialogs with overlapping windows — Mozilla
Michael Krax demonstrates that the download dialog and security dialogs can be spoofed by partially covering them with an overlapping window. Some users may not notice the OS window border and browser statusbar bisecting what appears to be a single dialog, and be convinced by the spoofing text of...
Internationalized Domain Name (IDN) homograph spoofing — Mozilla
Internationalized Domain Names IDN allow non-English speakers to use domains in their local language. Because many supported characters are similar to other if not identical in some fonts there is the possibility this could be used to construct perfect, indistinguishable phishing sites...
Plugins can be used to load privileged content — Mozilla
Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opaci...
Download dialog source spoofing — Mozilla
The true source of a download can be disguised by using a host name long enough that the most significant parts are truncated. Spoofing can be made even more convincing on windows if the subdomain labels contain a string of non-breaking space characters...
Heap overflow possible in UTF8 to Unicode conversion — Mozilla
It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attackers ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a...
javascript: Livefeed bookmarks can steal cookies — Mozilla
Earlier versions of Firefox allowed javascript: and data: URLs as Livefeed bookmarks. When they updated the URL would be run in the context of the current page and could be used to steal cookies or data displayed on the page...
Mail responds to cookie requests — Mozilla
Mozilla mail clients from March to December 2004 responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference "network.cookie.disableCookieForMailNews" disabled cookies are the default in mail...
Link opened in new tab can load a local file — Mozilla
Links with a custom getter and toString method can bypass checks intended to prevent web content from linking to local files and "chrome" URIs if the user can be convinced to middle-click or control-click to open it in a new tab. The browser's "same-origin" policy prevents the attacker's content...
Secure site lock can be spoofed with view-source: — Mozilla
Kohei Yoshino reports the secure site lock icon can be spoofed by using a view-source: URL targeted at the secure site whose credentials you want to appropriate. An insecure page of the attackers choice can then be loaded while the lock icon shows the previous secure state...
Opened attachments are temporarily saved world-readable — Mozilla
Mozilla software released after March 2004 saves some temporary files with world-readable permissions. In the browser this is primarily content fed to helper applications for example, PDF files, and in the mail clients it is attachments...
Secure site lock can be spoofed with a binary download — Mozilla
While on an insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear. The certificate information is that of the binary file's host, while the location bar URL correctly shows the original insecure page...
Synthetic middle-click event can steal clipboard contents — Mozilla
Script-generated middle-click events can steal clipboard contents on systems where that action is a paste. Middle-click paste is the default behavior on Unix systems, and a hidden option elsewhere...
Heap overrun handling malicious news: URL — Mozilla
Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox does not support the news: scheme...
Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla
If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...
Input stealing from other tabs — Mozilla
Jakob Balle of Secunia reported two vulnerabilities in windows with multiple tabs. Malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to ...
Script-generated event can download without prompting — Mozilla
Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their...
javascript: links in Thunderbird launch Internet Explorer — Mozilla
Clicking on javascript: links in Thunderbird launched the default handler for that scheme registered with the OS. On the Windows operating system Internet Explorer is the default handler for the javascript: scheme even when Firefox is the default browser...