Vulberabilities: ID Theft Vulnerability Haunts Firefox
January 5th, 2008 Posted/Linked by Shanmuga
"Israeli security researcher Aviv Raff has issued a warning for a fairly serious browser vulnerability that exposes Firefox users to identity theft attacks. Raff, a well-respected hacker who regularly reports security problems in software products, discovered a way to use a browser bug to lure Firefox users into entering login credentials into a maliciously rigged dialog box.
Mozilla Firefox displays an authentication dialog, whenever the visited web server returns 401 status code, and the “WWW-Authenticate” header. In order to specify basic authentication, the “WWW-Authenticate” header should have the value [Basic realm="XXX"] (without the brackets). The Realm value, which in this case is XXX, will be displayed in the authentication dialog window." Browsers - ID Theft Vulnerability Haunts Firefox - Ryan Naraine’s Security Watch
If you enjoyed this post, make sure you subscribe to my RSS feed!
This entry was posted on Saturday, January 5th, 2008 at 10:25 am and is filed under ID Theft, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
