Latest News

Victorian govt poaches Services Australia CIO

The clouds are gathering in Melbourne: it's a good thing

AFP searches for a tracking system that supports 4G, 5G devices

Musk's Neuralink raises over $200 million from Google Ventures, others

Analytics behemoth SAS plans to go public in 2024

Firefox authentication box said to be vulnerable to spoofing for phishing attacks

By Frank Washkuch on Jan 8, 2008 4:07PM

Firefox authentication box said to be vulnerable to spoofing for phishing attacks

The information in an authentication dialog box from Mozilla's Firefox browser can be spoofed, allowing an attacker to conduct phishing schemes, according to Israeli researcher Aviv Raff.

The issue, which exists in the latest version of Firefox 2.0.0.11, allows an attacker to create what appears to be a dialog box from a trusted website.

Firefox fails to display characters in the “www-authenticate” header realm value after the last set of double quotes and fails to sanitize single quotes and spaces, making it possible for an attacker to create a specially crafted realm value from a well-known website, according to Raff.

An attacker can target an end-user with a specially crafted webpage with a link to a trusted website, then open the page in a new window, and eventually return the specially crafted authentication response. A fraudster can also embed an image pointing to their own server to return a basic authentication response through an email, RSS feed, forum, blog or social networking page, according to Raff.

A Mozilla representative could not be immediately reached for comment.

Got a news tip for our journalists? Share it with us anonymously here.

Tags:

attacks authentication be box firefox for phishing said security spoofing to vulnerable

Partner Content

Employees trust the new opportunity to drive change in Australia’s workplaces

Seven insights that will define your digital transformation success

Partner Content Seven insights that will define your digital transformation success

Why just having the right technology isn't enough

Promoted Content Why just having the right technology isn't enough

Building better cybersecurity for a world without perimeters

Partner Content Building better cybersecurity for a world without perimeters

Sponsored Whitepapers

Develop a resiliency strategy that integrates risk analysis & continuity management

Develop a resiliency strategy that integrates risk analysis & continuity management

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

Optimise your operations with APM and AI-Powered insights

Optimise your operations with APM and AI-Powered insights

Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data

Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data

Technology skill development: The strategy for building better teams

Technology skill development: The strategy for building better teams

Events

Micro Focus Information Management & Governance (IM&G) Forum 2021

Most Read Articles

Services Australia shifts most Centrelink payments to SAP S/4 HANA

Services Australia shifts most Centrelink payments to SAP S/4 HANA

Any Android security app is better than Google Play Protect

Any Android security app is better than Google Play Protect

Toll Group starts to scale out intelligent automation

Toll Group starts to scale out intelligent automation

Bendigo and Adelaide Bank to re-platform its internet banking

Bendigo and Adelaide Bank to re-platform its internet banking

Most popular tech stories