Security Advisor for Mozilla Browsers

Mozilla (and especially Firefox) are becoming widespread browsers, and the first security alerts are coming out...

Secunia has released a security advisory for a new Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability.

The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files (the Mozilla user interface is built using XUL files). This can be exploited to "hijack" most of the user interface (including toolbars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees.

Solutions to this? For the moment only one... do not follow links from untrusted sites!

Posted on Saturday, July 31, 2004 7:44 AM

Comments on this post

# re: Security Advisor for Mozilla Browsers

Other workaround - change your UI from the defaults (small icons instead of large, personal toolbar, extensions that add a toolbar to your UI, change the width of your search window)
Left by Chris Slatt on Jul 31, 2004 8:31 AM

# re: Security Advisor for Mozilla Browsers

From what I understand that doesn't help? After reading all the bug replies it seems you can get the layout of the current skin through a chrome:// handler?

Ah, at least everybody can stop their religious IE vs the rest-wars now, everything has bugs
Left by David Cumps on Jul 31, 2004 10:04 AM

# re: Security Advisor for Mozilla Browsers

I think that when a browser starts to become really widespread (first IE, now Firefox) the bugs are coming out...
Left by Stefano Demiliani on Aug 01, 2004 10:31 AM
