mailing list archives
Re: New possible scam method : forged websites using XUL (Firefox)
From: "Marc" <md () nomensa com>
Date: Mon, 2 Aug 2004 20:15:20 +0100
'Tis true - the "Hide the status bar" is unchecked....and checking it DOES
allow the status bar to be hidden on the spoof site.
The "Hide the status bar" option is unchecked with a *default* installation
of Firefox 0.9.2.
----- Original Message -----
From: "Nicholas Knight" <nknight () runawaynet com>
To: <bugtraq () securityfocus com>
Sent: Sunday, August 01, 2004 8:43 PM
Subject: Re: New possible scam method : forged websites using XUL (Firefox)
The latest version of Firefox is 0.9.2.
The developers of Mozilla are currently looking into various
methods to make a fake user interface more obvious. The most
likely solution will be to force the status bar to always be
visible, as Microsoft will do with IE6 SP2.
This appears to be the case with 0.9.2.
check boxes. I'll bet you have "Hide the status bar" unchecked.
This caught me for a moment, too, then I remembered I always disable
them. So users actually have a defence right now, but they have to
specifically set it themselves.