Quake3World.com Forums
     General Discussion
        Mozilla and Firefox patch fixes exploit, 12 hours later
Post new topicReply to topic
Login | Profile | | FAQ | Search | IRC




Previous topic | Next topic 
Topic Starter Topic: Mozilla and Firefox patch fixes exploit, 12 hours later
inphlict
eminent
eminent
Joined: 12 Jul 2002
Posts: 9004
PostPosted: 02-08-2005 07:18 PM           Profile Send private message  E-mail  Edit post Reply with quote


Recent exploit is fixed in only 12 hours.

http://ftp.mozilla.org/pub/mozilla.org/ ... iary1.0.1/

More about the exploit:

Browser Exploit That Doesn't Affect IE - Shocks The World

According to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [IDN] spoof. This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Smoo Group have created a proof of concept where the links are directed at "http://www.pаypal.com/", which the browsers punycode handlers render as http://www.xn--pypal-4ve.com.

Proof of concept URL:

http://www.shmoo.com/idn/

Clicking on any of the two links in the above webpage using anything but IE should result in a spoofed paypal.com webpage.

The links are directed at "http://www.pаypal.com/", which the browsers punycode handlers render as http://www.xn--pypal-4ve.com.

This is one example URL - - there are now many ways to display any domain name on a browser, as there are a huge number of codepages/scripts which look very similar to latin charsets.

Phishing attacks are the largest growing class of attacks on the internet today.

Vulnerable browsers include (but are not limited to):

Most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc)
Safari 1.2.5
Opera 7.54
Omniweb 5

Detection:

There are a few methods to detect that you are under a spoof attack. One easy
method is to cut & paste the url you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert, to see if it's using a punycode wrapped version of the domain starting with the string 'xn-'.

Workaround:

You can disable IDN support in mozilla products by setting 'network.enableIDN'
to false. There is no workaround known for Opera or Safari.
Top
                 
eepberries
eepberries
eepberries
Joined: 24 Jan 2005
Posts: 1848
PostPosted: 02-08-2005 08:56 PM           Profile   Send private message  E-mail  Edit post Reply with quote


So, how exactly do you set this value? I use Mozilla 1.4 and can't find this in the options.
Top
                 
Pho
Risen From The Ashes
Risen From The Ashes
Joined: 08 Feb 2005
Posts: 56
PostPosted: 02-08-2005 09:02 PM           Profile Send private message  E-mail  Edit post Reply with quote


eepberries wrote:
So, how exactly do you set this value? I use Mozilla 1.4 and can't find this in the options.


In the address bar:

about:config

then simply find the right entry and double click it. (hint; use the filter to find it quickly)
Top
                 
eepberries
eepberries
eepberries
Joined: 24 Jan 2005
Posts: 1848
PostPosted: 02-08-2005 10:26 PM           Profile   Send private message  E-mail  Edit post Reply with quote


Pho wrote:
eepberries wrote:
So, how exactly do you set this value? I use Mozilla 1.4 and can't find this in the options.


In the address bar:

about:config

then simply find the right entry and double click it. (hint; use the filter to find it quickly)


Thanks. And hmm, it's already set to false.

:paranoid:
Top
                 
l0g1c
Don't be koi
Don't be koi
Joined: 06 May 2002
Posts: 2693
PostPosted: 02-08-2005 11:50 PM           Profile Send private message  E-mail  Edit post Reply with quote


thanks for the heads :up:
Top
                 
dmmh
Elite
Elite
Joined: 04 Jan 2001
Posts: 28249
PostPosted: 02-09-2005 03:15 AM           Profile Send private message  E-mail  Edit post Reply with quote


dated, to say the least



_________________
And shepherds we shall be, for thee my Lord for thee, Power hath descended forth from thy hand, that our feet may swiftly carry out thy command, we shall flow a river forth to thee, and teeming with souls shall it ever be. In nomine patris, et fili, et spiritus sancti.
Top
                 
Quake3World.com | Forum Index | General Discussion


Post new topic Reply to topic


cron
Quake3World.com
© ZeniMax. Zenimax, QUAKE III ARENA, Id Software and associated trademarks are trademarks of the ZeniMax group of companies. All rights reserved.
This is an unofficial fan website without any affiliation with or endorsement by ZeniMax.
All views and opinions expressed are those of the author.