• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox And Thunderbird Long URI Obfuscation Weakness

A weakness is reported in Mozilla Firefox and Thunderbird that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate Web sites in order to steal sensitive information from unsuspecting users.

It is reported that the weakness exists when URIs presented to the vulnerable application are overly long. When a URI as described is displayed, it is reported that the text in the address bar goes completely white, making the URI invisible to the user.

This may facilitate other attacks by hiding the URI from the targeted user.

Mozilla Firefox 1.0.6, and Thunderbird 1.0 are affected by this issue. Other versions and products may also be affected.