[NEWS] Firefox Phishing Protection Bypass Vulnerability (Multiple /)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Firefox Phishing Protection Bypass Vulnerability (Multiple /)
------------------------------------------------------------------------


SUMMARY

Phishing Protection takes Firefoxs security to a new level, helping to
safeguard your financial information and protect you from identity theft.
When you encounter a Web site that is a suspected forgery (known as a
phishing site) Firefox will warn you and offer to take you to a search
page so you can find the real Web site you were looking for.

A vulnerability in Firefox's Phishing protection allows people that
conduct phishing to fool Firefox into thinking that the site is secure
where in fact it should have been marked a phishing site.

DETAILS

Vulnerable Systems:
* Firefox 2.0.0.1

It is possible to bypass Phishing Protection by add some characters to URL
address. URL will be still valid and will work properly but we are not
aware of Phishing warning.

When we add "/" char at the end of domain in URL field - for Phishing
Protection it will be another site than original and Phishing Protection
Test will fail. Example: When my URL is on Phishing List:
http://kaneda.bohater.net/phish.html - warning will be displayed

http://kaneda.bohater.net//phish.html - warning will NOT be displayed

Of course we can add more "/".

Like live shows <http://sla.ckers.org/forum/read.php?13,2253> Firefox
HexEncoding Anti-Phishing bypass Phishers can use this technique in near
future to abusive actions.

Timeline:
* 2007.01.09 bug discovered
* 2007.01.19 "/" bug sent to http://bugzilla.mozilla.org [Bug 367538]
* 2007.01.19 answer from Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=367538
* 2007.02.06 posted to Bugtraq


ADDITIONAL INFORMATION

The information has been provided by <mailto:kaneda@xxxxxxxxxxx>
Kanedaaa.
The original article can be found at:
<http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php> http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages