Sour Grapes
Of course we're Fair and Balanced!

2005-02-10

Firefox exploit



And a quick fix, which I implemented yesterday [via Dave Farber's IP list]:




Many Mozilla based browsers (Firefox, Camino, ...) and khtml based browsers (Safari), plus a couple others, have a vulnerability that is susceptible to phishing attacks, even spoofed SSL certificates. The usual problems-prone IE, in this case, is immune to this issue.



Read about the problem at http://www.shmoo.com/idn/homograph.txt with the proof of concept at http://www.shmoo.com/idn/. It is a jaw dropper!



No work-arounds so far except for Firefox, detailed at
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html.




Blog home
Blog archives