BugTraq
Fwd: New possible scam method : forged websites using XUL (Firefox) Jul 30 2004 09:05PM
David Ahmad (da securityfocus com) (1 replies)
Re: New possible scam method : forged websites using XUL (Firefox) Jul 31 2004 11:15AM
Marc (md nomensa com) (3 replies)
RE: New possible scam method : forged websites using XUL (Firefox) Aug 02 2004 01:02PM
Thomas T. Evans, III (ttevans hawkcorp net)
Re: New possible scam method : forged websites using XUL (Firefox) Aug 02 2004 09:59AM
Peter J. Holzer (hjp wsr ac at) (1 replies)
Re: New possible scam method : forged websites using XUL (Firefox) Aug 03 2004 08:11AM
Peter J. Holzer (hjp wsr ac at) (2 replies)
Re: New possible scam method : forged websites using XUL (Firefox) Aug 03 2004 07:10PM
Michael Reilly (michaelr cisco com)
Along the same lines, I took a look at the spoof using my customized Firefox,
and it was an obvious fake:

1. The font is wrong
2. The window size is wrong (it is twice the width of my browser window and
almost 50% longer)
3. The fake toolbar was below my toolbar so both were visible
4. The address bar was also in the wrong place so I had two.
5. I also had two status bars

Isn't a possible solution to disable any overlaying of existing elements
(toolbar, status bar, address bar, etc.) once they are loaded from the
browser's and user's on-disk config? Lock them even before opening a socket
to connect to a site.

Of course, if there is an exploit to modify the on-disk files then this won't
work.

michael
Peter J. Holzer wrote:
> On 2004-08-02 11:59:17 +0200, Peter J. Holzer wrote:
>
>>* add a UI to the "allow javascript only from trusted sites" feature.
>> (few people know that mozilla can do that, and even for those, editing
>> user.js is tedious).
>
>
> More on the lines of "few people know that Mozilla can do that":
>
> Daniel Veditz wrote in
> <URL:http://bugzilla.mozilla.org/show_bug.cgi?id=22183#c97>:
>
> | Or we could just force the location bar to be on using the existing
> | pref, but obviously there must be some reluctance to that or it'd be
> | done already.
>
> So I started to look for the "existing pref", and sure enough, if you
> write
>
> user_pref("dom.disable_window_open_feature.location", true);
>
> in your prefs.js, the spoof looks much less convincing.
> (You can also set this preference via "about:config".)
>
> hp
>

--
---- ---- ----
Michael Reilly michaelr (at) cisco (dot) com
Cisco Systems, California
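The defence the thread arrives at is a prefs.js/user.js entry. As an added example that is not part of the thread, this Python script parses a prefs.js file and reports which chrome-locking preferences are actually set, so the advice can be checked on a profile rather than taken on trust. The location pref is the one named above; the toolbar, menubar and status names are other members of the same dom.disable_window_open_feature.* family and are not mentioned on the page, and the sample prefs.js is constructed.

```python
import re

# Firefox prefs that refuse window.open() requests to hide browser chrome.
# "location" is the one named in the thread; the other three are further
# members of the same dom.disable_window_open_feature.* family.
CHROME_LOCK_PREFS = (
    "dom.disable_window_open_feature.location",
    "dom.disable_window_open_feature.toolbar",
    "dom.disable_window_open_feature.menubar",
    "dom.disable_window_open_feature.status",
)

# Matches: user_pref("name", value);  value is a string, integer or true/false
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\);\s*$')

def _parse_value(raw):
    """Convert the textual pref value into a Python bool, str or int."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything unexpected untouched

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs

def audit_chrome_locks(text):
    """Map each lock pref to True when the chrome is forced on, else False.
    An absent pref counts as False: the default the thread works around
    still lets a page request that the bar be hidden."""
    prefs = parse_prefs(text)
    return {name: prefs.get(name) is True for name in CHROME_LOCK_PREFS}

# Constructed sample prefs.js: only the location bar has been locked.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("dom.disable_window_open_feature.location", true);
user_pref("dom.disable_window_open_feature.status", false);
user_pref("network.http.max-connections", 24);
"""
```

Feed `audit_chrome_locks()` the contents of a profile's prefs.js (or user.js) to see which bars a page can still ask to hide.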

Re: New possible scam method : forged websites using XUL (Firefox) Aug 03 2004 06:13PM
Kim Scarborough (kjs uchicago edu)
Re: New possible scam method : forged websites using XUL (Firefox) Aug 01 2004 07:43PM
Nicholas Knight (nknight runawaynet com) (1 replies)
Copyright 2010, SecurityFocus