Author Topic: Firefox ID Theft  (Read 2980 times)

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
Firefox ID Theft
« on: January 03, 2008, 02:11:57 PM »
Quote
ID Theft Vulnerability Haunts Firefox


firefox_security_vulnerability.png Israeli security researcher Aviv Raff has issued a warning for a fairly serious browser vulnerability that exposes Firefox users to identity theft attacks.

Raff, a well-respected hacker who regularly reports security problems in software products, discovered a way to use a browser bug to lure Firefox users into entering login credentials into a maliciously rigged dialog box.


The technical details:

    Mozilla Firefox displays an authentication dialog, whenever the visited web server returns 401 status code, and the "WWW-Authenticate" header. In order to specify basic authentication, the "WWW-Authenticate" header should have the value [Basic realm="XXX"] (without the brackets). The Realm value, which in this case is XXX, will be displayed in the authentication dialog window.

    While Firefox does not display the characters in the "WWW-Authenticate" header Realm value after the last double-quotes ("), it fails to sanitize single-quotes (') and spaces. This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted Web site.

Raff posted a (.wmv file) to demonstrate an attack scenario but declined to publish proof-of-concept code.

He did provide me with a private demo of the issue, which also works if a Firefox user attempts to load an RSS feed into Google Reader or iGoogle.

Raff's discovery highlights a very serious design deficiency that affects all modern Web browsers -- the use of hard-to-comprehend dialog boxes to handle trust between user and Web site.

I know Firefox is working on a better way to display trust to end users in Firefox 3, but, in this day and age, the average mom-and-pop will never understand certificate dialogs filled with techy jargon. They are the big target for these kinds of attacks.

Carigamers

Firefox ID Theft
« on: January 03, 2008, 02:11:57 PM »

Offline choxlate_saltfish

  • Chunin
  • **
  • Posts: 398
  • Chakra 1
  • Z-Muzic....where your music wants to be.
  • Referrals: 0
    • View Profile
    • Z-Muzic....where your music wants to be.
  • CPU: P4 3.4 GHz HP
  • GPU: ATI RAEDON X300 128MB
  • RAM: 1.5 G
Re: Firefox ID Theft
« Reply #1 on: January 03, 2008, 02:30:22 PM »
what is the best way to protect yourself from such attack? im a strong firefox user and have my full confidence in it.

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
Re: Firefox ID Theft
« Reply #2 on: January 03, 2008, 02:45:41 PM »
Well it would be to not trust any and every site. Its been said that most internet users only visit around 8 pages if that much. If you are browsing to new sites or 'questionable' sites, always be aware that sites trying to install software, prompt for credentials or incite purchases or any other divulgence of information no matter how small COULD be a malicious site. Also be careful with even Certificate or SSL based websites. Keep in mind that many browser vulnerabilities don't even require user intervention but rather use known windows exploits, thus keeping your machine up to date in terms of patches (if you're using windoz) and using a firewall of SOME KIND even if its the built in windows firewall is better than nothing. Also keep your anti-virus definition files up to date and regularly use a anti-spam program to check for problems. If I continue this thread will no long be just about firefox XD but I guess I already past that...

Offline Saxito Pau

  • Global Moderator
  • Akatsuki
  • *
  • Posts: 3848
  • Country: tt
  • Chakra 15
  • Worms will never die!
    • Original NES
  • Referrals: 2
    • View Profile
  • CPU: Intel Core i7-3770
  • GPU: EVGA GTX 970 SC ACX2.0
  • RAM: Crucial Tracer 16GB DDR3-1600
  • BattleNet ID: SaxitoPau#1996
  • Broadband: Flow 60Mbps
  • Steam: Saxito Pau
Re: Firefox ID Theft
« Reply #3 on: January 03, 2008, 03:56:49 PM »
well a program call SiteAdvisor can help in that regard. I usually install it on my customers' PCs

www.siteadvisor.com
God is dead.

Offline daniboy79

  • Kage
  • ****
  • Posts: 1004
  • Chakra 9
  • Referrals: 0
    • View Profile
Re: Firefox ID Theft
« Reply #4 on: January 03, 2008, 07:16:15 PM »
well a program call SiteAdvisor can help in that regard. I usually install it on my customers' PCs

www.siteadvisor.com

i second that Sax! i've been using Siteadvisor for about 2 years now, and it's a brilliant add-on.

and talkin about add-ons, i've found this sweet add-on called 'Cooliris' check it out to find out more!
Antec 900
Gigabyte EP35-DS3L
Intel Q6600 with Tt TMGi1 HSF
2GB Crucial Ballistix Tracer PC2 6400 (4,4,4,12)
eVGA GeForce 8800GTS 640MB
Maxtor-DM21 250GB  SATAII
Seagate 500GB SATAII
Acer AL2223Wd 22" Monitor
Logitech Z5500 5.1 Surround Monitors

Carigamers

Re: Firefox ID Theft
« Reply #4 on: January 03, 2008, 07:16:15 PM »

Offline mailman166

  • TriniTechSquad
  • Jonin
  • *
  • Posts: 738
  • Country: 00
  • Chakra -31
  • www.facebook.com/gadgetgurutt
    • Gamecube, Sega Genesis, NES
  • Referrals: 0
    • View Profile
  • CPU: Core 2 Duo E6750
  • GPU: ATI 4670 Radeon 1gig
  • RAM: 2*2 Corsair XMS DDR2 800
  • Broadband: FLOW
Re: Firefox ID Theft
« Reply #5 on: January 05, 2008, 05:15:24 PM »
I use no script in firefox ...

Carigamers

Re: Firefox ID Theft
« Reply #5 on: January 05, 2008, 05:15:24 PM »

 


* ShoutBox

Refresh History
  • Crimson609: yea everything cool how are you?
    August 10, 2022, 07:26:15 AM
  • Pain_Killer: Good day, what's going on with you guys? Is everything Ok?
    February 21, 2021, 05:30:10 PM
  • Crimson609: BOOM covid-19
    August 15, 2020, 01:07:30 PM
  • Shinsoo: bwda 2020 shoutboxing. omg we are in the future and in the past at the same time!
    March 03, 2020, 06:42:47 AM
  • TriniXjin: Watch Black Clover Everyone!
    February 01, 2020, 06:30:00 PM
  • Crimson609: lol
    February 01, 2020, 05:05:53 PM
  • Skitz: So fellas how we go include listing for all dem parts for pc on we profile but doh have any place for motherboard?
    January 24, 2020, 09:11:33 PM
  • Crimson609: :ph34r:
    January 20, 2019, 09:23:28 PM
  • Crimson609: Big up ya whole slef
    January 20, 2019, 09:23:17 PM
  • protomanex: Gyul like Link
    January 20, 2019, 09:23:14 PM
  • protomanex: Man like Kitana
    January 20, 2019, 09:22:39 PM
  • protomanex: Man like Chappy
    January 20, 2019, 09:21:53 PM
  • protomanex: Gyul Like Minato
    January 20, 2019, 09:21:48 PM
  • protomanex: Gyul like XJin
    January 20, 2019, 09:19:53 PM
  • protomanex: Shout out to man like Crimson
    January 20, 2019, 09:19:44 PM
  • Crimson609: shout out to gyal like Corbie Gonta
    January 20, 2019, 09:19:06 PM
  • cold_187: Why allur don't make a discord or something?
    December 03, 2018, 06:17:38 PM
  • Red Paradox: https://www.twitch.tv/flippay1985 everyday from 6:00pm
    May 29, 2018, 09:40:09 AM
  • Red Paradox: anyone play EA Sports UFC 3.. Looking for a challenge. PSN: Flippay1985 :)
    May 09, 2018, 11:00:52 PM
  • cold_187: @TriniXjin not really, I may have something they need (ssd/ram/mb etc.), hence why I also said "trade" ;)
    February 05, 2018, 10:22:14 AM

SimplePortal 2.3.3 © 2008-2010, SimplePortal