Mozilla Vulnerability
Following on from the Shell security issue recently here’s another vulnerability in Mozilla. A flaw in the Mozilla/FireFox web browsers (which I typically recommend, and (probably) still do recommend), has come to light. The problem was raised in 1999, and has been opened under a “5-year rule” (similar concept to UK Gov’s “30-Year rule” for Official Secrets). BACKGROUND: Mozilla allows the user interface (menus, toolbars, etc) to be customised by “plugins” - extra bits of software which add nifty features like blocking adverts, etc. EFFECT: This means that a malicious website could change the “Location:” bar to say something trustworthy. IMPACT: www.badsite.com can present a copy of your bank’s login screen, and you can’t use the “The Location: bar must say ‘www.goodsite.com’” test to ensure that you are really visiting that site. So you can see a webpage that looks like the site you expected to see, and the Location: bar says www.goodsite.com, but you would actually be sending your password to www.badsite.com CAVEATS:
- Internet Explorer has a more deeply-rooted bug, for which a patch is expected in the next few weeks (this is a POOR excuse)
- You would have to be hoaxed into visiting the bad site
- We have no way of knowing what flaws exist in other web browsers (this is a VERY POOR excuse, at best).
- tru5tn01 SUMMARY: The “Caveats” are insignificant. This is a significant problem, which has existed for 5 years, and has only just come to light. The fact that Internet Explorer is crap, is no excuse at all. WORKAROUND:
- In Mozilla/FireFox, type “about:config” in the Location:bar
- Change the settings below to “TRUE”:
- Restart Mozilla/FireFox SETTINGS TO CHANGE:
dom.disable_window_open_feature.close = true
dom.disable_window_open_feature.directories = true
dom.disable_window_open_feature.location = true
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.minimizable = true
dom.disable_window_open_feature.personalbar = true
dom.disable_window_open_feature.resizable = true
dom.disable_window_open_feature.scrollbars = true
dom.disable_window_open_feature.status = true
dom.disable_window_open_feature.titlebar = true
dom.disable_window_open_feature.toolbar = true
dom.disable_window_status_change = true
It could be argued that these should be set to “True” by default, which would avoid the problem in the first place. REFERENCES:
- http://www.nd.edu/~jsmith30/xul/test/spoof.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=22183
- http://forums.mozillazine.org/viewtopic.php?t=102334
- http://secunia.com/advisories/12188/
- http://bugzilla.mozilla.org/show_bug.cgi?id=252198
- http://it.slashdot.org/it/04/07/31/0037210.shtml?tid=..snip..</ul> Thanks to the person that sent me a mail on this.