Tweet
Source: C|Net News.com
A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.
The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, could allow hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.
F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.
To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.
This flaw was given a severity rating of two out of a possible five by Secunia.
David Emm, a senior technology consultant at antivirus company Kaspersky Labs, said that phishers aren't likely to take advantage of this flaw in Firefox, because Microsoft's Internet Explorer still dominates the browser market.
more: http://news.com.com/Firefox+flaw+rai...bj=news.1002.5
A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.
The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, could allow hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.
F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.
To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.
This flaw was given a severity rating of two out of a possible five by Secunia.
David Emm, a senior technology consultant at antivirus company Kaspersky Labs, said that phishers aren't likely to take advantage of this flaw in Firefox, because Microsoft's Internet Explorer still dominates the browser market.
more: http://news.com.com/Firefox+flaw+rai...bj=news.1002.5
Comment