2008-01-06

Spoofing vulnerability in Mozilla Firefox v2.0.0.11

A vulnerability in the way Mozilla Firefox displays authentication dialogs can allow phishers to obtain username and password information, warns Israeli security specialist Aviv Raff. As he writes on his website, Mozilla Firefox allows spoofing of the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks by tricking the user into believing that the authentication dialog box is from a trusted website. For an attack to be successful, the victim must click on a specially crafted link on a malicious website.

According to Raff, the vulnerability affects not only Mozilla Firefox v2.0.0.11, but probably prior versions and other Mozilla products as well.

A full description of the problem (including the fake authentication dialog) and how to avoid it can be found here.
