Firefox and Xulrunner vulnerability

ID USN-811-1
Type ubuntu
Reporter Ubuntu
Modified 2009-08-08T00:00:00


Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.