No matter what we try, there's always one more dirtbag...

Post by unixmuseum » Sat Jul 31, 2004 6:32 pm

"A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface. The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to "hijack" most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees.

The Mozilla user interface is built using XUL files. A PoC (Proof of Concept) exploit for Mozilla Firefox has been published. The PoC spoofs a SSL secured PayPal website. This has been confirmed using Mozilla 1.7 for Linux, Mozilla Firefox 0.9.1 for Linux, Mozilla 1.7.1 for Windows and Mozilla Firefox 0.9.2 for Windows. Prior versions may also be affected."

Mozilla bug# 244965
http://bugzilla.mozilla.org/show_bug.cgi?id=244965


Post by nekonoko » Fri Aug 06, 2004 2:50 am

Just an FYI that foetz has since uploaded Firefox 0.9.3 which addresses this bug.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Post by Hakimoto » Fri Aug 06, 2004 3:37 am

Hip hip hooray for foetz!
The Bandito wrote: In a few years, no doubt, you'll be able to buy a computer,
software and operating system that will match the capabilities
of your current Amiga at about the price you paid for the
Amiga way back when. But you can smile to yourself, knowing
that you were touching the future years before the rest of
the world. And that other computers and operating systems
will do with brute force what the Amiga did years before with
grace, elegance and style.


Eroteme.ch - my end of the internet...


Post by Hakimoto » Fri Aug 06, 2004 10:17 am

Inst'd the new 0.9.3 from foetz, works like a charm. Great work.


Post by foetz » Fri Aug 06, 2004 6:09 pm

thanks as always :D
r-a-c.de

