Re: Firespoofing [Firefox 1.0]

From: Pavel Kankovsky (peak_at_ARGO.TROJA.MFF.CUNI.CZ)
Date: 01/11/05

    Date:         Tue, 11 Jan 2005 21:15:02 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    On Tue, 11 Jan 2005, mikx wrote:

    > The bug is confirmed but currently unfixed (open for more than 3 months). As
    > a partial workaround set dom.disable_window_flip to true in about:config.

    Setting most of dom.disable_window_open_feature.* to true (and making it
    impossible to remove browser "decorations" from browser windows) is a
    pretty efficient (even if not 100% bullet-proof) way to thwart this kind
    of attack. As well as other GUI spoofing attacks.

    --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."

    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    --
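
Added example (not part of the original message, and not Firefox project code): a small Node.js script that audits a profile's user.js or prefs.js for the preferences named in this thread and lists the ones that are missing or not set to true. The sub-preference names in FEATURES and the sample file are assumptions constructed for illustration; the post itself only says "most of dom.disable_window_open_feature.*".

```javascript
// Sub-preference names are an assumption (window.open() feature names);
// compare against what about:config lists for your Firefox version.
const FEATURES = ["location", "menubar", "toolbar", "status", "resizable", "scrollbars"];
const PREFIX = "dom.disable_window_open_feature.";

// Parse user_pref("name", value); lines into a Map. Comment lines are skipped.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    if (/^\s*(\/\/|#)/.test(line)) continue; // commented-out pref does not count
    const m = re.exec(line);
    if (!m) continue;
    const raw = m[2];
    let value;
    if (raw === "true") value = true;
    else if (raw === "false") value = false;
    else if (/^-?\d+$/.test(raw)) value = Number(raw);
    else value = raw.replace(/^"|"$/g, "");
    prefs.set(m[1], value); // a later line overrides an earlier one
  }
  return prefs;
}

// Return the names of wanted prefs that are absent or not exactly true.
function auditPrefs(text, features = FEATURES) {
  const prefs = parsePrefs(text);
  const wanted = ["dom.disable_window_flip", ...features.map((f) => PREFIX + f)];
  return wanted.filter((name) => prefs.get(name) !== true);
}

// Constructed sample profile file (not taken from any real system).
const SAMPLE = `
// user.js (constructed for this example)
user_pref("dom.disable_window_flip", true);
user_pref("dom.disable_window_open_feature.location", true);
user_pref("dom.disable_window_open_feature.status", false);
// user_pref("dom.disable_window_open_feature.menubar", true);
user_pref("dom.disable_window_open_feature.toolbar", true);
user_pref("dom.disable_window_open_feature.status", true);
`;

console.log("Not hardened:", auditPrefs(SAMPLE));
```

A preference that is absent from the file is reported because it falls back to the browser default rather than the hardened value.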
    
