TulipTools Internet Business Owners and Online Sellers Community

Full Version: Flaw in how Firefox handles log-ons leaves passwords vulnerable to ID thieves
Quote: A serious flaw in how Firefox handles log-ons could be used by identity thieves to dupe users into disclosing passwords, a noted security researcher said Wednesday...

According to Raff, Firefox 2.0.0.11 -- Mozilla Corp.'s most current version -- fails to sanitize single quotation marks and spaces in what's called the "Realm" value of an authentication header. "This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site," said Raff...

full article: http://www.pcworld.com/article/id,140997...ticle.html
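
Added example, not part of the original post or the quoted article: one way a client could neutralise the characters the article names (single quotes and spaces) in a Realm value before showing it in a login prompt. It goes slightly further by also handling other quote characters, control characters and length. The function names, prompt wording and sample headers are hypothetical and constructed for illustration.

```javascript
// Added example; function names and prompt wording are hypothetical.

// Pull the realm out of a WWW-Authenticate header value (quoted-string form).
function parseRealm(headerValue) {
  const m = /realm\s*=\s*"((?:[^"\\]|\\.)*)"/i.exec(headerValue);
  return m ? m[1].replace(/\\(.)/g, "$1") : null; // undo backslash escapes
}

// Make the realm inert for display: strip quote characters that could close
// the quoting the dialog puts around it, collapse whitespace runs used as
// padding, drop control characters, and bound the length.
function sanitizeRealm(realm, maxLen = 40) {
  const s = realm
    .replace(/[\u0000-\u001f\u007f]/g, " ")
    .replace(/["'`\u2018\u2019\u201c\u201d]/g, "")
    .replace(/\s+/g, " ")
    .trim();
  return s.length > maxLen ? s.slice(0, maxLen) + "..." : s;
}

// Build the prompt. The host comes from the connection, never from the realm.
function buildPrompt(requestHost, headerValue) {
  const realm = parseRealm(headerValue);
  const shown = realm === null ? "" : sanitizeRealm(realm);
  const warnings = [];
  if (realm !== null && shown !== realm) warnings.push("realm-altered");
  // Realm text naming a different host is a sign of a misleading dialog.
  const hostLike = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;
  for (const h of shown.match(hostLike) || []) {
    if (h.toLowerCase() !== requestHost.toLowerCase()) {
      warnings.push("realm-names-other-host:" + h.toLowerCase());
    }
  }
  const text = `The site ${requestHost} is requesting a username and password.` +
    (shown ? ` The site says: "${shown}"` : "");
  return { text, warnings };
}

// Constructed sample headers (not taken from the article).
const SAMPLES = [
  ["intranet.example", 'Basic realm="Staff area"'],
  ["other.example", "Basic realm=\"Members' area   at shop.example\""],
];
for (const [host, header] of SAMPLES) console.log(buildPrompt(host, header));
```

The prompt states the connection's host first and shows the server-supplied realm only as a sanitized, clearly attributed string.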