Results 1 to 2 of 2

Thread: All Browsers But IE At Risk To New Spoofing Scheme

  1. #1
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044

    All Browsers But IE At Risk To New Spoofing Scheme

    A newly uncovered vulnerability in most browsers can allow hackers to spoof the URL displayed in the address bar and the SSL certificate, a security firm warned Monday. The one exception? Microsoft's Internet Explorer.

    Danish security company Secunia posted an alert describing the vulnerability -- which affects Mozilla, Firefox, Safari, Opera, and Konqueror -- as a "moderately critical" problem.

    The vulnerability impacts every browser built atop the open-source Geko browser kernel -- nearly all except IE -- because of a flaw in handling International Domain Names (IDN). Hackers can register domain names with certain international characters that resemble other commonly-used characters, said Secunia, to spoof the address and trick the user into thinking they're at a legitimate site and/or it's secured by SSL.

    Such spoofing vulnerabilities are typically exploited by phishers who try to dupe users into divulging financial information at bogus Web sites that resemble real-life banking, credit card, or retail sites.

    The vulnerability has been confirmed in the latest version of Firefox, v. 1.0, as well as in Mozilla 1.7.5, Opera 7.54u1, Opera 7.54u2, Safari 1.2.4, Konqueror 3.2.2, and Netscape 7.2. Other editions of these browsers, however, may also be at risk, said Secunia, which posted an online test on its Web site.

    Currently, none of the vendors have provided fixes for the flaw.

    News source: TechWeb

    =========== Please Read The Forum Rules ===========

  2. #2
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    http://www.dslreports.com/forum/rema...rt=20#12607819
    The workaround for firefox seems to be an edit to your compreg.dat.

    For windows
    c:\Documents and Settings\$USER\Application Data\Mozilla\Firefox\Profiles\default.random\compreg.dat

    For UNIX
    ~/.mozilla/firefox/default.random/compreg.dat

    Removing the line that references IDN makes the problem go away. Using Find, there was a single reference for the UNIX host and 2 for the Win32 host. Removing the lines and restarting the browser makes the attack fail regardless of the about:config/userprefs.js value.

    Here's an example entry.

    {4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so

    Cheers,
    -BeesT
    It works. After making a backup of compreg.dat i placed

    #

    to remark out the line BeesTea See Profile mentioned. Exploit fails
    Confirmed on Linux, also.

    Thanks again, BeesTea
    Last edited by lynchknot; February 7th, 2005 at 23:03 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •