Firefox authentication spoofing vulnerability

Business IT - Open Source

A researcher has identified a vulnerability in Firefox's basic authentication dialog that may help phishers fool users into false feelings of security.

The problem is that it is possible to craft a WWW-Authenticate header in such a way that Firefox will display an authentication dialog that at first glance resembles that of the real site.

Aviv Raff, who brought the problem to light, says possible exploits include links to a "trusted website", such as a bank, PayPal or a webmail service, coupled with scripting to redirect the newly opened window to the attacker's server.

Other browsers, such as Internet Explorer and Opera, display the data in a format that makes it more obvious that the information came from a site other than the one from which it purports to originate.

"Until Mozilla fixes this vulnerability, I recommend not to provide username and password to web sites which show this dialog," says Raff.

According to the Mozilla Security Blog, "Mozilla is currently investigating this issue and has assigned it an initial security severity rating of low."
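
The text shown in a basic authentication dialog comes from the realm value of the WWW-Authenticate header, which the responding server chooses freely. As an added example (not from the article, Raff's report or Mozilla), here is a proxy-side heuristic that flags challenges whose realm names a host other than the one that sent the response; the function names and sample headers are constructed for illustration.

```python
import re

# realm="..." is a quoted-string (RFC 7235); the server picks its text freely.
_REALM = re.compile(r'realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
# Heuristic: a dotted name ending in an alphabetic label, e.g. www.bank.example.
_HOSTLIKE = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.IGNORECASE)


def realm_of(header):
    """Return the unescaped realm text of a WWW-Authenticate value, or None."""
    m = _REALM.search(header)
    if m is None:
        return None
    return re.sub(r'\\(.)', r'\1', m.group(1))


def _related(a, b):
    """True if the names are equal or one is a subdomain of the other.

    Simplification: no public-suffix handling, so names that only share a
    registry suffix (such as co.uk) can be treated as related.
    """
    return a == b or a.endswith('.' + b) or b.endswith('.' + a)


def foreign_hosts(header, responding_host):
    """List host-like names in the realm that do not belong to the responder."""
    realm = realm_of(header)
    if realm is None:
        return []
    me = responding_host.lower().rstrip('.')
    names = [h.lower() for h in _HOSTLIKE.findall(realm)]
    return [h for h in names if not _related(h, me)]


if __name__ == "__main__":
    # Constructed (responding host, header value) pairs, not captured traffic.
    SAMPLES = [
        ("intranet.corp.example", 'Basic realm="Staff area"'),
        ("login.bank.example", 'Basic realm="bank.example online banking"'),
        ("attacker.test", 'Basic realm="Secure login for www.bank.example"'),
    ]
    for host, header in SAMPLES:
        hits = foreign_hosts(header, host)
        print(host, "->", "FLAG %s" % hits if hits else "ok")
```

A realm that mentions a file name such as report.txt will also be flagged, so treat hits as leads for review rather than verdicts.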