IE7 Popup Address Bar Spoofing Weakness
ronjor
October 25th, 2006, 07:08 AM
-{ Quote: "Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched" }- Secunia (http://secunia.com/advisories/22542/)
nadirah
October 25th, 2006, 07:17 AM
Oh, my god. :D:o
ronjor
October 25th, 2006, 07:29 AM
-{ Quote: "Spoofing attacks are commonly used in conjunction with phishing. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate. Keep in mind that there are several ways to get the address bar in a browser to display something other than the site you are on. Therefore, do not rely on the text in the address bar as an indication that you are at the site you think you are." }- Microsoft (http://www.microsoft.com/athome/security/online/site_spoofing.mspx)
Mem
October 25th, 2006, 08:05 AM
It seems to be vulnerable in Firefox 2 as well - anyone else want to confirm?
ronjor
October 26th, 2006, 03:16 PM
IE Address Bar Issue
-{ Quote: "The other thing I wanted to mention is that in IE 7, the Microsoft Phishing Filter can help protect should any phishing sites attempt to exploit this issue in a couple of ways.
First, the Phishing Filter’s browser-based heuristics can help to protect you. These heuristics analyze Web pages in real time and then can warn you about suspicious characteristics if it finds any on the page. If someone attempts to use this issue in a phishing site, the Phishing Filter’s heuristics may detect that site as such and warn you.
Another way the Phishing Filter can help protect you is through our online service. If a site that attempts to exploit this issue is reported to us and confirmed to be a phishing site, we will add it to the Microsoft Phishing Filter’s online service and it will be flagged as a phishing site when viewed in IE7." }- Security blog (http://blogs.technet.com/msrc/default.aspx)
Rasheed187
November 5th, 2006, 07:10 AM
Does not seem to work with the Maxthon browser. Funny enough, almost all of these tab or popup vulnerabilities in IE do not seem to work in Maxthon. :)
aigle
November 5th, 2006, 10:27 AM
Tried with SpoofStick.
aigle
November 5th, 2006, 10:29 AM
-{ Quote: "It seems to be vulnerable in Firefox 2 as well - anyone else want to confirm?" }-
You are right.
Mem
November 5th, 2006, 12:05 PM
-{ Quote: "You are right." }-
Thanks!
Copyright ©2002 - 2013, Wilders Security Forums