Nekochan Net

Official Chat Channel: #nekochan //
It is currently Thu Nov 27, 2014 2:25 am

All times are UTC - 8 hours [ DST ]

Forum rules

Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.

Post new topic Reply to topic  [ 1 post ] 
Author Message
Unread postPosted: Tue Mar 15, 2005 10:48 am 
User avatar

Joined: Mon Apr 14, 2003 4:34 am
Posts: 5294
following is true for 1.7.5 and below.
:!: :!: ff 1.0 AND tb 1.0 are based on 1.7.5 so they're affected, too :!: :!:

watch out before downloading or use the ff and tb versions with the date in their name.
mozilla 1.8x should be safe.

Not critical


From remote

bitlance winter has discovered a weakness in Mozilla, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.

The status bar cannot be manipulated via script code in the default settings. However, it is still possible to display an incorrect URL in the status bar when hovering the mouse over a link, right clicking, and choosing "Save Link Target As...".

This can be exploited by including a nested link in a table inside a link.

The weakness is related to:

<a href="[TRUSTED_URL]">
<a href="[MALICIOUS_URL]">download

The weakness has been confirmed in version 1.7.5. Other versions may also be affected.

Never save files via untrusted sources.

Provided and/or discovered by:
bitlance winter


Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 8 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group