Closed
Bug 253745
Opened 20 years ago
Closed 20 years ago
Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability
Categories
(Core :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 252198
People
(Reporter: dovix2003, Assigned: dveditz)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040212 Firefox/0.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040212 Firefox/0.8
Quote:
This spoof is designed for Firefox 0.9 and later. On anything else, it won't
work. In order for this spoof to have maximal effect, you should allow
Javascript to hide the status bar [Tools | Options | Web Features | Advanced |
Hide the status bar] which is the default setting on all versions of Firefox 0.9
(!). You also should not have enabled any screen clutter, like any non-default
toolbars.
[updated to nightly 20040726] View the Firefox 0.9.0 - 0.9.2 version or the
Firefox Nightly Build version. (If you want to see it in context, try this, and
try the "log in" link at the bottom.). You will note that both links now work on
all 0.9 browsers, but the second emulates the different security UI included in
the latest nightlies.
While you are shopping, try double-clicking on the padlock icon in the lower
left corner. Now even the "View" button works. Or, try enabling a really
funky-looking theme. Notice that the spoof keeps pace -- even the padlock icon
matches!
Note: I got the link from Secunia:
http://secunia.com/advisories/12188/
They gave it a "Moderately critical" status.
Reproducible: Always
Steps to Reproduce:
Please see link.
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 252198 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•