Home page logo

bugtraq logo Bugtraq mailing list archives

Re: New possible scam method : forged websites using XUL (Firefox)
From: "Marc" <md () nomensa com>
Date: Mon, 2 Aug 2004 20:15:20 +0100

'Tis true - the "Hide the status bar" is unchecked....and checking it DOES
allow the status bar to be hidden on the spoof site.

The "Hide the status bar" option is unchecked with a *default* installation
of Firefox 0.9.2.


----- Original Message -----
From: "Nicholas Knight" <nknight () runawaynet com>
To: <bugtraq () securityfocus com>
Sent: Sunday, August 01, 2004 8:43 PM
Subject: Re: New possible scam method : forged websites using XUL (Firefox)

Marc wrote:

The latest version of Firefox is 0.9.2.

The developers of Mozilla are currently looking into various
methods to make a fake user interface more obvious.  The most
likely solution will be to force the status bar to always be
visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2.

Tools -> Options -> Web Features -> Advanced button by Java/Javascript
check boxes. I'll bet you have "Hide the status bar" unchecked.

This caught me for a moment, too, then I remembered I always disable
everything in the Advanced JavaScript Options box, and that's one of
them. So users actually have a defence right now, but they have to
specifically set it themselves.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]