Some disadvantages that firefox has ....

Status
Not open for further replies.
H

h4ck3r

Guest
Firefox phishing vulnerability discovered


06.01.2005 17:44:11

Ingrid Marson
ZDNet UK
January 05, 2005, 15:30 GMT

A newly discovered flaw in Firefox could allow cybercriminals to take advantage of Web surfers

A vulnerability in Firefox could make users of the open source browser more likely to fall for phishing scams.

The flaw in Mozilla Firefox 1.0, details of which were published by Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box which pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hyppönen, director of antivirus research at F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," said Hyppönen.

To fall victim to such a scam, a Firefox user would have to click on a link in an email that pointed to a spoofed Web site and then download malware from the site, which would appear to be downloaded from a legitimate site.

This flaw was given a severity rating of two out of a possible five by Secunia.

David Emm, a senior technology consultant at antivirus company Kaspersky Labs, said it is unlikely that phishers will take advantage of this exploit in Firefox because Microsoft's Internet Explorer still dominates the browser market.

"I think it's unlikely that we'll see hackers rush to exploit this vulnerability," said Emm. "After all, Firefox has a much, much smaller install base than IE and it's likely that hackers will continue to pay more attention to [IE] instead."

This may change in the future as Firefox has attracted a lot of interest in the past few months. A survey at the end of November found that Mozilla-based browsers, including Firefox, accounted for 7.4 percent of browsers in November 2004, up 5 percent from May.

The download vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. No solution is available at present, but Mozilla developers plan to fix this bug in an upcoming version of the product.


COURTESY : www.astalavista.com
 

babumuchhala

In the zone
I dont mind that. Its severity rating is just 2/5. Its just one little bug as compared to 100s in IE

I bet the ff guys will patch it faster than MS would ever do.
 

tuxfan

Technomancer
svk said:
finally, firefox has bugs. shocking.
:D

I am not shocked by that. All softwares will have bugs. Even Firefox version 7 or 8 will have bugs.

But the main criteriae are:
1. How severe the bug is
2. How fast and efficiently it gets fixed.

I hope Mozilla Foundation will soon release a patch or an update and unlike Micro$oft patches, this one won't come with more severe bugs :)
 

icecoolz

Cyborg Agent
Actually I am glad that firefox is popular. All along the biggest debate has been whether windows is a buggy OS or its just that a zillion vulnerabilities have been found becos of its popularity. Now with an opensource software being so popular we can see what sort of vulnerabilites we will encounter in firefox and the no of bugs as well. So this will give some sort of indication of the bugggy vs popularity theory.
 

swatkat

Technomancer
There's nothing shocking or sensational that Firefox has bugs.Every software has bugs.They do not surface until they are not exploited.
Some softwares, like IE, are used by more people so virus coders/crackers target them.If Firefox beats IE in market share, then naturally target will be Firefox.If FireFox is a truly bugless software, then it should have no vulnerabilities even when it becomes largest used browser(if it can become one that is :wink: ).
 
OP
H

h4ck3r

Guest
@ indyan : Thank you.. i will serch hard here after

LOLZ!!

@ myself : Now how did i miss that post :cry:
 
Status
Not open for further replies.
Top Bottom