Slashdot Mirror


Firefox Spoofing Bug Puts Passwords At Risk

hairyfeet writes "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff, Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11, and until Mozilla fixes this vulnerability, Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.'"
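The display-side handling the summary says was missing, as an added example that is not part of the original post and is not Firefox's code: the realm is treated as untrusted text, and the requesting host is taken from the connection and shown first. The prompt wording, the function names and the sample header are assumptions constructed for illustration.

```javascript
// Added example, not Firefox code: prompt wording and function names are assumptions.

// Pull the realm out of a WWW-Authenticate header value (quoted-string form).
function parseRealm(headerValue) {
  const m = /\brealm\s*=\s*"((?:[^"\\]|\\.)*)"/i.exec(headerValue);
  return m ? m[1].replace(/\\(.)/g, "$1") : null; // undo backslash escapes
}

// Make a server-supplied realm safe to show inside a trusted dialog.
function sanitizeRealm(realm, maxLen = 40) {
  const cleaned = realm
    .replace(/['"\u0060\u2018\u2019\u201c\u201d]/g, "") // drop quote characters
    .replace(/[\u0000-\u001f\u007f\s]+/g, " ")          // collapse whitespace/control runs
    .trim();
  // Cap the length so padding cannot push other dialog text out of view.
  return cleaned.length > maxLen ? cleaned.slice(0, maxLen - 1) + "\u2026" : cleaned;
}

// Build the dialog text. The requesting host comes from the connection, not the
// header, and is placed first so no realm content can displace or imitate it.
function buildPrompt(originHost, headerValue) {
  const raw = parseRealm(headerValue);
  const safe = raw === null ? "" : sanitizeRealm(raw);
  const text = `${originHost} is requesting your username and password.` +
    (safe ? ` The site says: "${safe}"` : "");
  // "modified" lets the caller log or flag realms that needed cleaning.
  return { text, modified: raw !== null && safe !== raw };
}

// Constructed sample: a realm padded with single quotes and spaces.
const sampleHeader = `Basic realm="'Staff portal'          at trusted.example"`;
console.log(buildPrompt("untrusted.example", sampleHeader));
```
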

4 of 157 comments

  1. Re:An honest Security Bug by bogaboga · · Score: 0, Troll
    I am inclined to conclude that Firefox is not as secure as first thought. Of late, I have seen more security-related bugs on Firefox than Windows Internet Explorer. I hope I am wrong.

    I wonder how many bugs have not been discovered yet.

  2. SLASHDOT CENSORSHIP: 1984 IS HERE!!! by Anonymous Coward · · Score: 0, Troll
    Slashdot is deleting replies that it deems politically subversive, like this one!

    Welcome to Totalitarianism in the 21st Century!

    Fight the power!!!

  3. Re:Phishing by somersault · · Score: 0, Troll

    The kind of person that falls for phishing is screwed in life anyway. Firefox 'zealots' simply recommend an easily-better-than-IE browser to their friends and associates, and a lot of them will just happen to be people with no common sense.

    --
    which is totally what she said

  4. Re:Please enter your credentials here: by Freeside1 · · Score: 0, Troll

    When you spill hot coffee on your gonads while driving, it's not your fault. It's McDonald's. Seems like nowadays personal accountability is dead, though I can't say I remember a time when it wasn't dead...