
Mozilla / Mozilla Firefox Download Dialog Source Spoofing

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Ramona, 2005/01/04.

Thread Status:
Not open for further replies.
  1. 2005/01/04
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    TITLE:
    Mozilla / Mozilla Firefox Download Dialog Source Spoofing

    SECUNIA ADVISORY ID:
    SA13599

    VERIFY ADVISORY:
    http://secunia.com/advisories/13599/

    CRITICAL:
    Less critical

    IMPACT:
    Spoofing

    WHERE:
    From remote

    SOFTWARE:
    Mozilla 1.7.x
    http://secunia.com/product/3691/
    Mozilla Firefox 1.x
    http://secunia.com/product/4227/

    DESCRIPTION:
    Secunia Research has discovered a vulnerability in Mozilla / Mozilla
    Firefox, which can be exploited by malicious people to spoof the
    source displayed in the Download Dialog box.

    The problem is that long sub-domains and paths aren't displayed
    correctly, which therefore can be exploited to obfuscate what is
    being displayed in the source field of the Download Dialog box.

    The vulnerability has been confirmed in Mozilla 1.7.3 for Linux,
    Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions
    may also be affected.

    SOLUTION:
    Do not follow download links from untrusted sources.

    PROVIDED AND/OR DISCOVERED BY:
    Jakob Balle, Secunia Research.

    ORIGINAL ADVISORY:
    Secunia Research:
    http://secunia.com/secunia_research/2004-15/advisory/

    OTHER REFERENCES:
    Bugzilla #275417:
    https://bugzilla.mozilla.org/show_bug.cgi?id=275417
     
  2. 2005/01/04
    Westside

    Westside Inactive Alumni

    Joined:
    2003/03/30
    Messages:
    4,506
    Likes Received:
    14
    I am not surprised since there has been talk of insecurity with Mozillas.
    I am not sure how well the Spoofstick works, but I rely on it. As they say:
    "Browse lively, but carry a Spoofstick".
     


  4. 2005/01/04
    GPaDavis

    GPaDavis Inactive

    Joined:
    2002/01/07
    Messages:
    194
    Likes Received:
    0
    Nicely said, Westside.

    I can't help but wonder if some of these so-called "vulnerabilities", while they do exist, are certainly not the major holes that IE constantly presents -- and is currently ignoring! It almost sounds like IE "pushers" trying to bad mouth Firefox/Mozilla whenever, wherever they can. Methinks, M$ just might be hurtin' a teeny bit.

    Nothing in our world is perfect, but Firefox/Mozilla certainly are way ahead of anything IE has or would hope to have.

    Hey, thanks to you and Ramona for keeping us up-to-date on this stuff and our feet on the ground. I'm using Moz. 1.7.5 and quite happy with it.

    IE is totally out of the picture in "my version" of XP. Working on Outlook but having some problems. It's all but helpless anyway, with IE gone -- we'll get it.

    My tuppence,
    Bob
     
  5. 2005/01/11
    Antony

    Antony Inactive

    Joined:
    2002/01/01
    Messages:
    405
    Likes Received:
    0
    Nice website, westside.

    As I said (in the other forums), learning to read the URL is the best solution.

    Many scam websites hide their URLs in the following format:
    http://www.paypal.com:randomstring@123.123.123.123/
    where they pretend to be PayPal, and the actual URL is 123.123.123.123.
    The format was:
    http://user:pass@url.com/

    Alternatively, the following code can be added to bookmarks
    Code:
    javascript:alert(%22The real URL is: %22 + location.protocol + %22//%22 + location.hostname + %22/%22 + %22\nThe address URL is: %22 + location.href + %22\n%22 + %22If the server names do not match, this may be a spoof.%22);
     
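The two URL-reading problems raised in this thread, the "user:pass@host" trick in the post above and the long-subdomain truncation described in the Secunia advisory, can both be checked mechanically by comparing the host a reader takes from the raw string with the host the URL parser actually resolves. The following is an added example, not code from the thread, from Mozilla or from Secunia. It uses the WHATWG URL class (Node.js 10 or later and current browsers); the sample URLs, the "example-bank" host, the "attacker.invalid" domain and the 60-character field width are constructed for illustration.

```javascript
// Added example, not code from the thread, from Mozilla or from Secunia: a
// defender-side check for the two URL-reading problems discussed above, the
// "user:pass@host" trick and the long-subdomain truncation from the advisory.
// Uses the WHATWG URL class (Node.js >= 10 and current browsers).

// Constructed sample URLs; the hosts, paths and the reserved 'attacker.invalid'
// placeholder domain are made up for this example.
const SAMPLE_URLS = {
  userinfo: 'http://www.paypal.com:randomstring@123.123.123.123/',
  longSubdomain: 'http://www.example-bank.com.login.secure.' + 'x'.repeat(60) + '.attacker.invalid/update.exe',
  benign: 'http://download.mozilla.org/firefox-1.0.exe',
};

// The host a hurried reader takes from the raw string: the first token after
// "scheme://" up to the first ':', '/', '?', '#' or '@'.
function apparentHost(urlString) {
  const afterScheme = urlString.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  return afterScheme.split(/[:/?#@]/)[0];
}

// The host the browser will actually connect to, as the URL parser sees it.
function realHost(urlString) {
  return new URL(urlString).hostname;
}

// Mimic a fixed-width dialog field that shows the raw string and cuts off the
// tail, the behaviour the advisory describes for long subdomains and paths.
function truncatedDisplay(urlString, width = 60) {
  return urlString.length > width ? urlString.slice(0, width - 3) + '...' : urlString;
}

// A display the two tricks cannot fool: the parsed host, shown whole and first,
// then as much of the path as fits. Truncation can only eat the path.
function safeDisplay(urlString, width = 60) {
  const u = new URL(urlString);
  const path = u.pathname + u.search;
  const prefix = `host: ${u.hostname}  path: `;
  const room = Math.max(width - prefix.length, 3);
  const tail = path.length > room ? path.slice(0, room - 3) + '...' : path;
  return prefix + tail;
}

// Returns the list of reasons a URL deserves suspicion (empty when none).
function spoofIndicators(urlString, width = 60) {
  const u = new URL(urlString);
  const apparent = apparentHost(urlString);
  const reasons = [];
  if (u.username !== '' || u.password !== '') {
    reasons.push('userinfo before "@" hides the real host');
  }
  if (apparent.toLowerCase() !== u.hostname.toLowerCase()) {
    reasons.push(`reads as ${apparent} but connects to ${u.hostname}`);
  }
  if (!truncatedDisplay(urlString, width).includes(u.hostname)) {
    reasons.push(`a ${width}-character field would cut off the real host ${u.hostname}`);
  }
  return reasons;
}

for (const [name, url] of Object.entries(SAMPLE_URLS)) {
  console.log(`${name}:`);
  console.log('  dialog shows :', truncatedDisplay(url));
  console.log('  safer display:', safeDisplay(url));
  console.log('  indicators   :', spoofIndicators(url));
}
```

The PayPal-style URL is flagged twice (it carries userinfo, and the readable prefix differs from the parsed host), the long-subdomain URL is flagged only because a narrow field never reaches its real host, and the plain Mozilla download URL produces no indicators. The safer display puts the parsed hostname first and whole, so a long prefix or a truncated tail can no longer hide where the download actually comes from.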