Spoofing flaw in multiple browsers

Article

Spoofing flaw in multiple browsers

Bill Brenner, News Writer

Attackers could exploit an unpatched security hole in multiple browsers to spoof the URL in your address bar and play similar tricks with SSL certificates and status bars, according to Secunia.

The Danish security firm labeled the vulnerability "moderately critical" and is offering a test users can run to see if their browsers are affected. The firm recommends users manually type URLs in the address bar and avoid links from untrusted sources.

The security hole is the "unintended result of the International Domain Name (IDN) implementation," which allows the use of international characters in domain names. "This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, thereby causing the user to believe they are on a trusted site," Secunia said in its advisory.

The vulnerability has been confirmed in the following products:

Opera 7.54u1 and 7.54u2
Netscape 7.2
Mozilla 1.7.5 and Firefox 1.0
OmniWeb 5.1
Safari 1.2.4
Konqueror 3.2.2.

Requires Free Membership to View

Login

SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Related news stories

Attacking the alternative: A look at Mozilla's Firefox browser

Injection flaw in popular browsers

Related Topics: Web Browser Security, VIEW ALL TOPICS

Dig Deeper

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

Show me more

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Cloud Security
Security Channel
SMB Security
Financial Security
Security UK
Security AU
Security IN

Cloud Security
- Cloud DLP: Understanding how DLP works in virtual, cloud environments
  
  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.
- Leveraging Microsoft Azure security features for PaaS security
  
  Organizations can boost PaaS security late in the game by implementing these stopgap measures.
- Quiz: Understanding cloud-specific security technologies
  
  Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.
Security Channel
- Biometric authentication methods: Comparing smartphone biometrics
  
  Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- F5 Vault program embraces incentives for F5 firewall, security sales
  
  The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
- Using DMARC to improve DKIM and SPF email antispam effectiveness
  
  DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Microsoft attempts legal action to disrupt some Zeus botnets
  
  Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
- More than hype: Security big data helps bank to boost security program
  
  At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
Security UK
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- MDM, security vendors scramble to address BYOD security issues
  
  Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
- ICO fines Welsh health board £70,000 for patient record loss
  
  For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.
searchSecurityAU
- Leveraging Microsoft Azure security features for PaaS security
  
  Organisations can boost PaaS security late in the game by implementing these stopgap measures.
- With mobile payments, security teams must move quickly
  
  As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.
- PCI virtualization compliance still a challenge
  
  No black and white when it comes to PCI compliance in virtualized environments, experts say.
Information Security
- CEH certification gains credence in IT security domain
  
  CEH certification is much sought after in the IT security domain today. Here’s how you can obtain CEH certification and why you should attempt do so.
- Information security budgets: Five steps to obtain management buy-in
  
  Getting management to approve security budgets is difficult. Here are guidelines to help you prepare and present information security budgets effectively.
- Maltego tutorial - Part 1: Information gathering
  
  Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.

All Rights Reserved, Copyright 2000 - 2012, TechTarget