Re: New possible scam method : forged websites using XUL (Firefox)

From: Nicholas Knight (nknight_at_runawaynet.com)
Date: 08/01/04

  • Next message: Thierry Carrez: "[ GLSA 200408-01 ] MPlayer: GUI filename handling overflow"
    Date: Sun, 01 Aug 2004 12:43:36 -0700
    To: bugtraq@securityfocus.com
    
    

    Marc wrote:

    > The latest version of Firefox is 0.9.2.
    >
    >
    >>The developers of Mozilla are currently looking into various
    >>methods to make a fake user interface more obvious. The most
    >>likely solution will be to force the status bar to always be
    >>visible, as Microsoft will do with IE6 SP2.
    >
    >
    > This appears to be the case with 0.9.2.

    Tools -> Options -> Web Features -> Advanced button by Java/Javascript
    check boxes. I'll bet you have "Hide the status bar" unchecked.

    This caught me for a moment, too, then I remembered I always disable
    everything in the Advanced JavaScript Options box, and that's one of
    them. So users actually have a defence right now, but they have to
    specifically set it themselves.

