Full Disclosure: Re: Firefox: about:blank is phisher's best friend

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Firefox: about:blank is phisher's best friend

From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 22 Feb 2007 21:27:58 +0100

* Michal Zalewski:

Similarly, he could spoof a native browser-originating modal warning or
dialog to have the user do something dumb. This problem was addressed by
forcibly prepending current site name to window title for all URL-bar-less
windows, so that the Internet origin of such a pop-up is clear, and so
that it will have a hard time mimicking a native window.


This is the first time I read about the forced window title change.  I
hadn't noticed it earlier.  Do you think this is a good enough
security indicator (or indicator of origin, to be more precise)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Firefox: about:blank is phisher's best friend Michael Wojcik (Feb 19)
- <Possible follow-ups>
- Re: Firefox: about:blank is phisher's best friend Florian Weimer (Feb 22)
  - Re: Firefox: about:blank is phisher's best friend Michal Zalewski (Feb 22)