IE7 Popup Address Bar Spoofing Weakness

ronjor · Oct 25, 2006

Critical: Less critical

Impact: Spoofing

Where: From remote

Solution Status: Unpatched
Click to expand...

Secunia

nadirah · Oct 25, 2006

Oh, my god.

ronjor · Oct 25, 2006

Spoofing attacks are commonly used in conjunction with phishing. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate. Keep in mind that there are several ways to get the address bar in a browser to display something other than the site you are on. Therefore, do not rely on the text in the address bar as an indication that you are at the site you think you are.
Click to expand...

Microsoft

Mem · Oct 25, 2006

It seems to be vulnerable in FireFox 2 as well - anyone else want to confirm?

ronjor · Oct 26, 2006

IE Address Bar Issue

The other thing I wanted to mention is that in IE 7, the Microsoft Phishing Filter can help protect should any phishing sites attempt to exploit this issue in a couple of ways.

First, the Phishing Filter’s browser-based heuristics can help to protect you. These heuristics analyze Web pages in real time and then can warn you about suspicious characteristics if it finds any on the page. If someone attempts to use this issue in a phishing site, the Phishing Filter’s heuristics may detect that site as such and warn you.

Another way the Phishing Filter can help protect you is through our online service. If a site that attempts to exploit this issue is reported to us and confirmed to be a phishing site, we will add it to the Microsoft Phishing Filter’s online service and it will be flagged as a phishing site when viewed in IE7.
Click to expand...

Security blog

Rasheed187 · Nov 5, 2006

Does not seem to work with the Maxthon browser, funny enough almost all of these tab or popup vulnerabilities in IE do not seem to work in Maxthon.

aigle · Nov 5, 2006

Tried with SpoofStick.

aigle · Nov 5, 2006

Mem said:

It seems to be vulnerable in FireFox 2 as well - anyone else want to confirm?
Click to expand...

U are right.

Mem · Nov 5, 2006

aigle said:

U are right.
Click to expand...

Thanks!

Log in or Sign up

IE7 Popup Address Bar Spoofing Weakness

ronjor Global Moderator

nadirah Registered Member

ronjor Global Moderator

Mem Registered Member

ronjor Global Moderator

Rasheed187 Registered Member

aigle Registered Member

Attached Files:

1.jpg

aigle Registered Member

Mem Registered Member

Log in or Sign up

IE7 Popup Address Bar Spoofing Weakness

ronjor Global Moderator

nadirah Registered Member

ronjor Global Moderator

Mem Registered Member

ronjor Global Moderator

Rasheed187 Registered Member

aigle Registered Member

Attached Files:

1.jpg

aigle Registered Member

Mem Registered Member

Useful Searches