mozilla / firefox / thunderbird "Save Link Target As...

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
foetz
Moderator
Moderator
Posts: 5637
Joined: Mon Apr 14, 2003 4:34 am
Contact:

mozilla / firefox / thunderbird "Save Link Target As...

Unread postby foetz » Tue Mar 15, 2005 9:48 am

following is true for 1.7.5 and below.
:!: :!: ff 1.0 AND tb 1.0 are based on 1.7.5 so they're affected, too :!: :!:

watch out before downloading or use the ff and tb versions with the date in their name.
mozilla 1.8x should be safe.


CRITICAL:
Not critical

IMPACT:
Spoofing

WHERE:
From remote

Description:
bitlance winter has discovered a weakness in Mozilla, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.

The status bar cannot be manipulated via script code in the default settings. However, it is still possible to display an incorrect URL in the status bar when hovering the mouse over a link, right clicking, and choosing "Save Link Target As...".

This can be exploited by including a nested link in a table inside a link.

The weakness is related to:
SA13015

Example:
<a href="[TRUSTED_URL]">
<table><tr><td>
<a href="[MALICIOUS_URL]">download
</a>
</td></tr></table>
</a>

The weakness has been confirmed in version 1.7.5. Other versions may also be affected.

Solution:
Never save files via untrusted sources.

Provided and/or discovered by:
bitlance winter
r-a-c.de

Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest