Status Bar Spoofing In Firefox

[Rik? 0]

Hi

Now that Firefox get's more popular each day people find more 'bugs'

The next vulnerability was reported yesterday on SecurityTracker.com:

A spoofing vulnerability was reported in Firefox. A remote user can create HTML that, in certain cases, will spoof the status bar.
A remote user can create HTML with an A HREF link in a table, where the table is embedded within an A HREF tag. If the target user selects to save the spoofed link using the "Save Link As" feature, arbitrary content will be saved to the target user's system.

http://securitytracker.com/id?1013423

I wonder when mozilla will release v1.0.2

Greetz,
RikŠ

[whyme 0]

Yes! As I devout Interent Expolrer user, (Well, I used FireFox for 4 weeks), I'm happy that another secutiry flaw is found in FireFox. EVeryone that uses firefox has a false sense of secuirty that Fireox is 100% fail safe and that Internet Explorere sucks. What's really casuing the problem is not IE's coding, but rather the popularity of it. Whatever is the most popular, hackers wil target that, as firefox gets more popular, it will get more and more flaws.

[googlue 0]

I totally agree with whyme and also the spirit behind Rik's post, when he says that 'Now that Firefox get's more popular each day people find more bugs'.The main disadvantage of IE is that it is popular and people will try to bring it down. Now that Firefox is catching up, they won't even spare it.However, being open source, it is more open for such attacks, and on the contrary also more likely that such bugs will be fixed very soon...

[mahesh2k 0]

Yeah thanks for this thread.actually as many users will help them locate errors and bugs that browser will improve much with its user experience.and best of all the browser is free and works on various os's.anyway if you more security tracking sites pls post them here.

[EricDrinkard 0]

Lets face it the only way to totaly protect you computer is take out our modem, cd drive, floppy drive, and usb ports. IE Or Firefox Can And Will Be Attacked.And also while we are one the issue of false security apple computers are not safer than windows. It is that there are not that many mac users ( however there numbers are growing) out there so they have less people creating viruses for them. When the number of users grow the more attacks you will have.ThanksEric DrinkardAslo just for the records. I own a windows and a mac computer

[Casanova 0]

Well, at least using firefox means that one is safe from the massive ammount of exploits that already exist for IE. Since this is a open-source project, chances are that fixes will be released faster than what MS can do.

[matthewbot 0]

Hmm, i cannot reproduce the problem with there example code. Can anyone else get it to work? When I click the link, the browser goes right to https://www.mozilla.org/en-US/ like its supposed to. Does 1.0.1 fix this problem?

[iGuest 3]

Lets face it the only way to totaly protect you computer is take out our modem, cd drive, floppy drive, and usb ports. IE Or Firefox Can And Will Be Attacked.And also while we are one the issue of false security apple computers are not safer than windows. It is that there are not that many mac users ( however there numbers are growing) out there so they have less people creating viruses for them. When the number of users grow the more attacks you will have.ThanksEric DrinkardAslo just for the records. I own a windows and a mac computer

Notice from NilsC:

You just got yourself deleted and banned

[CrashCore 0]

I would just like to add to this that ric said "I wonder when mozilla will release v1.0.2", but I have Firefox v1.0.2... Screenshot of my about page is here. It is possible that his post (Mar 15 2005, 11:46 AM) was before Firefox 1.0.2 came out, but I don't think so because I thought I've had Firefox for over a month. Well anyways I support Firefox, but I agree that if it became as widely used as Internet Explorer, it would probably have just as many bug exploits. However, I believe the bugs would be fixed faster due to Firefox's open source'ness.

[clagnol 0]

No, I'm pretty sure that Internet Explorer is inherently inferior to Firefox No browser is perfect with regard to security, but Firefox comes much closer than IE. They release their source code, allowing the general public to comb it for vulnerabilities. Thanks to the devout Firefox community, these vulnerabilites are promptly reported and fixed.What does Microsoft do to protect IE from vulnerabilities? They withhold their code. IE has no active community. Microsoft finds out about IE's vulnerabilities when hackers exploit them on a large scale. And they wait entirely too long to issue patches to fix their broken software.IE allows third parties to install software on your computer without your permission, using activeX, unless they bothered to fix that gaping hole in security since I last checked. This thread is no victory for IE. It is merely a reminder of how trivial the flaws in Firefox are in comparison with the manifold susceptibilities of Internet Explorer.

[Rik? 0]

I would just like to add to this that ric said "I wonder when mozilla will release v1.0.2", but I have Firefox v1.0.2...  Screenshot of my about page is here.  It is possible that his post (Mar 15 2005, 11:46 AM) was before Firefox 1.0.2 came out, but I don't think so because I thought I've had Firefox for over a month.  Well anyways I support Firefox, but I agree that if it became as widely used as Internet Explorer, it would probably have just as many bug exploits.  However, I believe the bugs would be fixed faster due to Firefox's open source'ness.

71135[/snapback]

The security update was March 23, 2005

The exploit was reported Sun, 13 Mar 2005 15:56:35 +0000

(announcement 14 Mar @ securitytracker.com -> http://securitytracker.com/id/1013423)

 

Most open-source software has lesser flaws than commercial.

Because it's open source the creators/coders spent more time coding.... they want to make a clean script ... because everyone can see their skills.

 

Greetz,

Rik©