Nekochan Net


All times are UTC - 8 hours


Posted: Sat Jul 31, 2004 5:32 pm
"A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface. The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to "hijack" most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees.

The Mozilla user interface is built using XUL files. A PoC (Proof of Concept) exploit for Mozilla Firefox has been published. The PoC spoofs a SSL secured PayPal website. This has been confirmed using Mozilla 1.7 for Linux, Mozilla Firefox 0.9.1 for Linux, Mozilla 1.7.1 for Windows and Mozilla Firefox 0.9.2 for Windows. Prior versions may also be affected."

Mozilla bug# 244965
http://bugzilla.mozilla.org/show_bug.cgi?id=244965


Posted: Fri Aug 06, 2004 1:50 am
Site Admin
Just an FYI that foetz has since uploaded Firefox 0.9.3 which addresses this bug.

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Posted: Fri Aug 06, 2004 2:37 am
Moderator
Hip hip hooray for foetz!

_________________
...only chemist in .af?
Eroteme.ch - eternally unfinished and never started


Posted: Fri Aug 06, 2004 9:17 am
Moderator
Inst'd the new 0.9.3 from foetz, works like a charm. Great work.

_________________
...only chemist in .af?
Eroteme.ch - eternally unfinished and never started


Posted: Fri Aug 06, 2004 5:09 pm
thanks as always :D

_________________
r-a-c.de

