mailing list archives
RE: New possible scam method : forged websites using XUL (Firefox)
From: "Thomas T. Evans, III" <ttevans () hawkcorp net>
Date: Mon, 2 Aug 2004 09:02:02 -0400
I have added SpoofStick (http://www.corestreet.com/spoofstick/) to both IE
and Firefox. With the Firefox spoof shown on the cited page, SpoofStick gets
moved and shows blank for "You're On". Not an outstanding warning, but
useful if you are watching.
Thomas T. Evans, III CCNA
Senior Network Manager
ttevans () hawkcorp net
216-267-7787 Ext. 500
President, MFG/Pro Midwest User Group
"The difference between genius and stupidity is that genius has limits"
From: Marc [mailto:md () nomensa com]
Sent: Saturday, July 31, 2004 7:16 AM
To: bugtraq () securityfocus com
Subject: Re: New possible scam method : forged websites using XUL (Firefox)
The latest version of Firefox is 0.9.2.
The developers of Mozilla are currently looking into various
methods to make a fake user interface more obvious. The most
likely solution will be to force the status bar to always be
visible, as Microsoft will do with IE6 SP2.
This appears to be the case with 0.9.2.
The spoofed PayPal site (from
http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's
status bar - so you get 2 status bars displayed.
Even so, the site is incredibly convincing, and I suspect the average user
would be understandably fooled.
Since the CERT recommendation, Mozilla browsers are gaining ground. Firefox
is now the browser of choice throughout the company I work for.
I suspect the best defence will be to block all xul on the proxy.
----- Original Message -----
From: "David Ahmad" <da () securityfocus com>
To: <bugtraq () securityfocus com>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)
- RE: New possible scam method : forged websites using XUL (Firefox) Thomas T. Evans, III (Aug 02)