IE, Firefox Spoofable Again - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


IE, Firefox Spoofable Again

Internet Explorer and Firefox can be spoofed by hackers intent on stealing passwords or other confidential information, a security firm says.

Internet Explorer and Firefox -- even the newest edition that's getting ready for release -- can be spoofed by hackers intent on stealing passwords or other confidential information, a security firm said Tuesday.

According to Danish vulnerability tracker Secunia, Microsoft's Internet Explorer, Mozilla's Firefox, and virtually every other popular browser could be used by malicious Web site to display bogus Java dialog boxes atop legitimate sites.

"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open -- a prompt dialog box -- which appears to be from a trusted site," read the alert that Secunia posted.

An exploit requires that the user first visit a malicious site -- perhaps enticed there via e-mail or instant message -- that includes a link to a legit, trusted site, say an online banking portal. By leveraging the JavaScript bug, the attacker could display a fake password dialog, and trick the user into entering her account information.

Secunia has created a vulnerability test that users can quickly run to see if their browser is open to such a spoof.

Not only does the vulnerability exist in up-to-date editions of Internet Explorer, Firefox, Mozilla, Camino, Opera, and Safari, but it also affects the not-yet-released Firefox 1.0.5, which is in the last stages of testing.

"We expect a Firefox 1.0.5 release in the not too distant future," the quality control blog for Firefox read Tuesday. "We'd appreciate any help you all can offer by downloading and testing out these new bits."

It was expected that Firefox 1.0.5 would fix the frame insertion bug that crept back into the open-source browser's code, a gaffe that made news earlier in June.

Would 1.0.5 also fix this news flaw?

"We'll be taking a look at the vulnerability, and deciding whether it makes sense to put [a fix] in 1.0.5," said a Mozilla spokesman. "Firefox security is an ongoing process."

The spokesman wouldn't comment on whether any inclusion of a fix for the new vulnerability -- which Secunia rates as only a "less critical" threat -- would delay the appearance of 1.0.5, but said that the builds now available "were mostly for the development community. The release of 1.0.5 is a ways off."

Firefox 1.0.5 can be downloaded in its not-finished Windows, Mac, and Linux editions from the Mozilla Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll