Quantcast
RSS
Software / Services November 27, 2006 6:00 AM

Flaw Leaves Firefox Vulnerable

By Robert McMillan, IDG News Service

A flaw in Mozilla's Firefox browser makes it easy for cybercriminals to steal user information on Web sites where users create their own pages, such as MySpace.com.

People who read this also read:

Password Manager Bug

The flaw lies in Firefox's Password Manager software, which can be tricked into sending password information to an attacker's Web site, said Robert Chapin, president of Chapin Information Services. For this attack to work, attackers need to be able to create HTML forms on the Web site, something that is allowed on blogging and social networking sites.

The attack was used in a MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.

This page sent MySpace username and password information to another Web site, and MySpace users who visited the page using Firefox could have easily had their information compromised, said Chapin.

No Verification

Firefox developers rate this bug critical, according to an entry in the project's Bugzilla database.

The flaw arises because Firefox's Password Manager does not perform a thorough enough check when it is deciding whether to send password information, and then does not ensure that password information is being sent to the server that requested it, Chapin said. In the MySpace attack, for example, Firefox would check to see if the form was coming from the MySpace.com domain, but did not make sure that the password information was being sent back to a MySpace server.

"From a programming point of view, this is almost like a typo," he said. "Ironically I think that's why it hasn't been discovered until now. It was just way too obvious."

Chapin has posted an analysis of this type of attack, which he has dubbed a Reverse Cross-Site Request, as well as a demonstration of how it works.

It's in IE, Too

Microsoft Internet Explorer (IE) is also susceptible to these type of attacks because, like Firefox, it does not ensure that password information is being sent to the same server that requests it, Chapin said.

But IE is less likely to be tricked because it does a more thorough job in checking to see where the log-in form is coming from before it automatically submits password and user information, he added.

Was this article useful? Yes 0 No 0

Read more like this: , , , , , , ,

Add Yours

Comments Readers reply with their ideas and expertise.

Subscribe to this discussion via email or RSS

  • What do you think?

  • Great year-end deals
    for small business!

  • Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!

    Learn more

  • HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!

    Learn more

  • *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.
Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Internet downloads

359 more results...
Featured Webcasts
More webcasts »

Free Whitepapers

Software and Services Whitepapers from PC World

More whitepapers »

Whitepaper Alerts

Get updates on white papers, case studies, and spotlights on tech products and solutions for your business.

PC World's Marketplace

Sponsored Links