Home page logo

bugtraq logo Bugtraq mailing list archives

Re: New possible scam method : forged websites using XUL (Firefox)
From: Nicholas Knight <nknight () runawaynet com>
Date: Sun, 01 Aug 2004 12:43:36 -0700

Marc wrote:

The latest version of Firefox is 0.9.2.

The developers of Mozilla are currently looking into various
methods to make a fake user interface more obvious.  The most
likely solution will be to force the status bar to always be
visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2.

Tools -> Options -> Web Features -> Advanced button by Java/Javascript check boxes. I'll bet you have "Hide the status bar" unchecked.

This caught me for a moment, too, then I remembered I always disable everything in the Advanced JavaScript Options box, and that's one of them. So users actually have a defence right now, but they have to specifically set it themselves.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]