29 August 2006
Firefox and Mozilla vulnerability in older versions
For people running older versions of Firefox and Thunderbird, there is a vulnerability that allows someone to show fake information in the status bar. This allows for downloads to appear to come from trusted sites when they actually are from somewhere else.
This exploit is accomplished with a nested anchor, the outer of which is from the trusted site while the inner is from an untrusted site which actually contains the download.
The only real protection and solution to this is to use the newest versions of Firefox and Thunderbird (1.5.0.6/1.5.0.5).
This is a good lesson as to why people need to keep their systems updated. This is sometimes the only patch for some problems which are fixed in later versions of a application.
This exploit is accomplished with a nested anchor, the outer of which is from the trusted site while the inner is from an untrusted site which actually contains the download.
The only real protection and solution to this is to use the newest versions of Firefox and Thunderbird (1.5.0.6/1.5.0.5).
This is a good lesson as to why people need to keep their systems updated. This is sometimes the only patch for some problems which are fixed in later versions of a application.
Labels: firefox, thunderbird, vulnerability
