Mozilla UI Spoofing Vulnerability
Short Circuit writes "Secunia has issued a security advisory for Mozilla and Firefox. Apparently, remote web sites can spoof the user interface using XUL. (See the Firefox proof of concept.) Of course, that won't stop me from using Firefox."
Let the debate begin: Life would be better/worse/the same if 90% of users used HTTP clients based on Mozilla because...
Is that I had disabled JavaScript from doing "everything" to windows in the JavaScript preferences, but lo and behold I find (from reading here) that it seems I need to also set a dozen cryptic about:config preferences. That is really lousy security, and completely misleading.
All the people saying "well, IE is just as bad" completely miss the point. IE is recommended to not use by CERT, and the Department of Homeland Security. You got really low standards if you think being no worse than that is some kind of mitigating factor.
The "trusted" part of the Browser UI should be unchangeable by the remote site, period.