Firefox spoofing flaw reported

By Tom Espiner, ZDNet UK
Monday, January 07, 2008 10:41 AM

Mozilla's Firefox Web browser is vulnerable to spoofing attacks, according to an Israeli security researcher.

Aviv Raff reported on his blog last week that Mozilla Firefox v2.0.0.11 allows information presented in a basic authentication dialog box to be spoofed, opening up the possibility of users being redirected to a malicious Web site. Earlier versions of the browser may also be affected.

According to Raff, when a Web server returns a 401 status code, it causes Firefox to display an authentication dialog box. The 401 status code is returned by the Web server when it recognizes that the HTTP data stream sent by a browser or bot is correct, but access to the URL requires further user authentication.

The authentication dialog box displays the server URL in what is called the WWW-Authenticate header field. This URL is in part defined by the realm value and, according to Raff, it is possible for an attacker to create a specially crafted realm value that will look as if the authentication dialog came from a trusted Web site.

This is due to Firefox failing to sanitize single quotes and spaces in the WWW-Authenticate header field, after a legitimate realm value enclosed in double quotes has been given.

At least two possible attack vectors are opened by this reported flaw, according to Raff. Man-in-the-middle attackers could create a Web page with a link to a trusted Web site such as a bank.

When a victim clicks on the link on the malicious page, the trusted Web page would be opened in a new window. A script would be executed to redirect the newly opened window to the attacker's Web server, allowing username and password details to be compromised.

Alternatively, an attacker could embed an image in an e-mail or Web page which, when clicked on, would return a specially crafted dialog login from the attacker's Web server, again allowing authentication details to be compromised.

President of Mozilla Europe, Tristan Nitot, told ZDNet.co.uk that Mozilla is in the process of investigating the report, and so could not comment further at this time.

"We take security seriously," said Nitot. "We are taking this report seriously, and are investigating."


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions


Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery

Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web