Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box.

The problem is that long sub-domains and paths aren't displayed correctly, which can therefore be exploited to obfuscate what is displayed in the source field of the Download Dialog box.

The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0.

Currently, no solution is available. However, the vendor reports that this vulnerability will be fixed in upcoming versions of the affected products.
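The display problem described above can be illustrated from the defender's side. The following JavaScript is an added example, not code from Secunia or Mozilla and not the vendor's fix: it contrasts a source field that cuts a long URL at the right-hand edge with one that shows only the scheme and host and elides sub-domain labels from the left, so the end of the real host name stays visible. The function names, the 40-character field width and the sample URL are assumptions constructed for the illustration.

```javascript
const ELLIPSIS = '\u2026';

// Flawed pattern: truncate the full URL on the right. A long run of
// sub-domain labels pushes the end of the host name out of the field.
function naiveDisplay(rawUrl, width) {
  if (rawUrl.length <= width) return rawUrl;
  return rawUrl.slice(0, width - ELLIPSIS.length) + ELLIPSIS;
}

// Hardened pattern: drop the path, show scheme + host only, and when the
// host does not fit, keep whole labels from the RIGHT and elide the left.
function hostForDisplay(rawUrl, width) {
  const u = new URL(rawUrl);          // WHATWG parser; host is returned in ASCII form
  const prefix = u.protocol + '//';
  const room = width - prefix.length; // characters left for the host
  if (room < 2) throw new RangeError('display field too narrow');
  const host = u.host;                // host name plus port, no userinfo or path
  if (host.length <= room) return prefix + host;

  const labels = host.split('.');
  let kept = '';
  for (let i = labels.length - 1; i >= 0; i--) {
    const candidate = kept ? labels[i] + '.' + kept : labels[i];
    if (ELLIPSIS.length + 1 + candidate.length > room) break;
    kept = candidate;
  }
  if (kept) return prefix + ELLIPSIS + '.' + kept;
  // Not even the last label fits: keep the tail of the host string.
  return prefix + ELLIPSIS + host.slice(-(room - ELLIPSIS.length));
}

// Constructed sample: reserved .example/.test names, long sub-domain and path.
const SAMPLE_URL = 'http://www.trusted.example.' + 'a'.repeat(60) +
  '.downloads.test/' + 'b'.repeat(40) + '/setup.exe';

console.log(naiveDisplay(SAMPLE_URL, 40));   // real host end is cut off
console.log(hostForDisplay(SAMPLE_URL, 40)); // real host end is visible
```

Keeping the rightmost labels does not identify the registrable domain exactly; that would additionally require a public suffix list.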

View: Secunia Advisory

View: Mozilla Bugzilla report