News
Contributed by: Lauren Gerber
Date: July 28, 2009
How many browsers have you used in your lifetime? Have you experienced a few different browsers or have you remained loyal to one? As the saying goes, "better the devil you know than the devil you don't", this can be applied to Internet browsers as well. The saying could be changed to "rather the browser that you know than the browser you don't". Some people have simply remained with the one browser that makes them feel comfortable. For many people that browser is none other than the Mozilla Firefox browser. I am here to tell you that a new vulnerability has been reported in the Mozilla Firefox browser. Let me give you some more information with regard to this Firefox issue. Basically the unfortunate news is that with the use of a vulnerable Mozilla browser malicious attackers will be able to perform URL spoofing attacks. With regard to URL Spoofing the dangers are extremely high due to the factor that all a malicious individual really needs to do is make one website look exactly like another. The victim that is visiting the URL is not going to know the difference, but the reality of the situation is that the provided information will go to an entirely different location to where the victim thinks it is going. A good example of this could be that a victim goes to their bank site to do an online transfer and although it appears identical to their normal bank site, it is actually a site which has been set up by a malicious online attacker in order to steal the victims banking information. If a malicious online attacker wishes to take advantage of this Mozilla Firefox vulnerability then he may do so fairly easily. An online attacker could insert certain arbitrary content in order to spoof the URL which has been delivered to an innocent victim, whose computer knowledge may be limited. It would be ideal for the attacker if the victim's computer knowledge is limited but his/her bank balance is quite the opposite, which is limitless. Victims are often tricked into trusting such sites, as they look legitimate but in reality they are fake. It was not very long ago at all, in fact it was fairly recently that the new 3.0.12 Mozilla Firefox version was released. One of the reasons why this update came into existence was in order to fix a combination of vulnerabilities that were present in the Mozilla Fire 3.0 version. Some of the files of Mozilla Firefox 2 may include the following: channel-prefs.js, FeedConverter.js, inspector-cmdline.js, nsURLFormatter.js as well as You may be wondering which versions this Page Address Bar URL Spoofing vulnerability affects. This vulnerability affects Mozilla Firefox version 3.0.11. It is in every users best interest to know that is it possible for other versions to also be affected. In order for a malicious online attacker to exploit this issue successfully, the attacker needs to trick an ignorant user into viewing a manipulated web document. All in all it is better to be aware than to be unaware. I would like to quote in conclusion:"All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers."-Kevin Mitnick |
|||||
Software Downloads
User Comments