Firefox spoofing flaw reported

By Tom Espiner, ZDNet UK
Monday, January 07, 2008 10:41 AM

Mozilla's Firefox Web browser is vulnerable to spoofing attacks, according to an Israeli security researcher.

Aviv Raff reported on his blog last week that Mozilla Firefox v2.0.0.11 allows information presented in a basic authentication dialog box to be spoofed, opening up the possibility of users being redirected to a malicious Web site. Earlier versions of the browser may also be affected.

According to Raff, when a Web server returns a 401 status code, it causes Firefox to display an authentication dialog box. The 401 status code is returned by the Web server when it recognizes that the HTTP data stream sent by a browser or bot is correct, but access to the URL requires further user authentication.

The authentication dialog box displays the server URL in what is called the WWW-Authenticate header field. This URL is in part defined by the realm value and, according to Raff, it is possible for an attacker to create a specially crafted realm value that will look as if the authentication dialog came from a trusted Web site.

This is due to Firefox failing to sanitize single quotes and spaces in the WWW-Authenticate header field, after a legitimate realm value enclosed in double quotes has been given.

At least two possible attack vectors are opened by this reported flaw, according to Raff. Man-in-the-middle attackers could create a Web page with a link to a trusted Web site such as a bank.

When a victim clicks on the link on the malicious page, the trusted Web page would be opened in a new window. A script would be executed to redirect the newly opened window to the attacker's Web server, allowing username and password details to be compromised.

Alternatively, an attacker could embed an image in an e-mail or Web page which, when clicked on, would return a specially crafted dialog login from the attacker's Web server, again allowing authentication details to be compromised.

President of Mozilla Europe, Tristan Nitot, told ZDNet.co.uk that Mozilla is in the process of investigating the report, and so could not comment further at this time.

"We take security seriously," said Nitot. "We are taking this report seriously, and are investigating."

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

American Airlines extends connections
Advancing IT at one of the world's largest airlines
Play video
Facebook COO sees economic models changing on the Web
Shifting from information Web to social Web
Play video

Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video
Reduce TCO Through Virtualization Technology
What makes the new generation Intel® Xeon® processors valuable to Business IT with demanding workloads?
Play video