1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spoofing warning for Firefox

Discussion in 'News' started by wagnerk, Jan 9, 2008.

  1. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator


    Spoofing warning for Firefox

    Users of Mozilla Firefox are vulnerable to phishing attacks because the pop-up dialogue box for password entry in the latest version of the web browser can be spoofed, a leading security researcher has warned.

    Aviv Raff claims a vulnerability in the way that Firefox displays authentication dialogs allows cyber criminals to obtain username and password information by deceiving users into thinking they are giving their details to a reliable source.

    For the rest of the article, see here.

    Certifications: CITP, PGDip, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: MSc in Tech Management


    1. greenbrucelee
      I use FF but never allow it to remember my passwords nor would I ever let a browser do such a thing, I am too concerned about security to do that.

      Cheers for the info.
    2. Alex Wright
      Alex Wright

      I concur. It's never worth the risk no matter how small.
    3. tripwire45
      The only place I store my passwords is in my head.
    4. greenbrucelee
      yep its the only place you should store them, you can't be too careful.
    5. Theprof
      Thanks for the heads up. Also like GBL and Trip mentioned I don't like to save passwords in firefox, not safe at all.
    6. BosonMichael
      I also store my passwords in Trip's head; mine is out of space.
    7. zebulebu
      I got so many of 'em I'm thinking of getting a fibre card put in the back of my head and plugging into a SAN when I go online
    8. wizard
      You wouldn't want to store anything in my head, too many strange things going on in there :D
    9. tripwire45
      Then stop complaining when I forget your passwords. You know I only have room for my own. :wink:
    10. BosonMichael
      I stopped complaining when you accidentally gave me your bank account password instead of mine. 8)
    11. tripwire45
      Fortunately, I remembered your credit card information and used it for a shopping spree on Amazon so we're even. :wink:
    12. Fergal1982
      I use the head of a Thai hooker to store all my information. No risk of her misusing it though, she cant get to the computer from the cage in the cellar.

      On topic, GBL, you realise that the article says that they spoof the password box, they prompt you for a login name/password. They arent taking the password from the memory of the browser. They are making the users think that they have to enter their details to log in. It doesnt matter if you let FF save the details, since the entered details are being submitted to the address specified by the hackers.
    13. greenbrucelee
      yes I know what you mean, when I login youtube or CF yes I am using the FF browser when I'm at home, but I have script enabled on FF (can't remember what it is) that will tell me if I've logged into a fake page its happened once when I was loggin into you tube.

      I have no password for FF itself.

      Edit: hopefully no scripts, and my anti phising software is working, I haven't had any problems yet.

    Share This Page