New Spoofing Vulnerability in IE

← Back to Stories (view on slashdot.org)

New Spoofing Vulnerability in IE

Posted by CowboyNeal on Thursday December 16, 2004 @12:57PM from the url-b-gone dept.

Jimmy M. writes "A new vulnerability has been announced in Internet Explorer, also affecting XP SP2, which can very easily be exploited by a malicious web site to completely spoof the address bar. The vulnerability is very similar to another vulnerability disclosed just about a year ago called the '%00' vulnerability, which also was widely exploited by phishers. A demonstration is also available."

6 of 372 comments (clear)

Min score:

Reason:

Sort:

That's nothing! by Anonymous Coward · 2004-12-16 12:58 · Score: -1, Offtopic

An exploit in this webserver allowed me to get the first post!
FIRST! by Anonymous Coward · 2004-12-16 12:59 · Score: -1, Offtopic

AHHHHH!!
NO FIRST POST FOR YOU!! by Anonymous Coward · 2004-12-16 13:07 · Score: -1, Offtopic

Come back, ONE STORY!!!
[/fp nazi]
Re:Microsoft is so sweet by bitflip · 2004-12-16 13:25 · Score: 0, Offtopic

Yeah, worked for Kerry, didn't it?
Speaking of Firefox... by Anonymous Coward · 2004-12-16 13:34 · Score: -1, Offtopic

While we all flame Microsoft and laud the many benefits of Firefox, let me take advantage of this opportunity to point out the short attention span of the Slashdot collective.
Secunia Advisory SA11856:
"A weakness has been reported in Mozilla... caused due to an error within the handling of URLs... [Information] displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.
Example: http://[trusted_site]%2F%20%20%20.[malicious_site] /
Better colours by Anonymous Coward · 2004-12-16 14:34 · Score: -1, Offtopic

http://shit.slashdot.org/article.pl?sid=04/12/16/2 314224