Spoofing flaw in multiple browsers

Opera, Mozilla, Safari and Konqueror contain a security hole attackers could use to mimic URLs and SSL certificates.

Attackers could exploit an unpatched security hole in multiple browsers to spoof the URL in your address bar and play similar tricks with SSL certificates and status bars, according to Secunia.

The Danish security firm labeled the vulnerability "moderately critical" and is offering a test users can run to see if their browsers are affected. The firm recommends users manually type URLs in the address bar and avoid links from untrusted sources.

The security hole is the "unintended result of the International Domain Name (IDN) implementation," which allows the use of international characters in domain names. "This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, thereby causing the user to believe they are on a trusted site," Secunia said in its advisory.

The vulnerability has been confirmed in the following products:

  • Opera 7.54u1 and 7.54u2
  • Netscape 7.2
  • Mozilla 1.7.5 and Firefox 1.0
  • OmniWeb 5.1
  • Safari 1.2.4
  • Konqueror 3.2.2.
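
A defensive check for the lookalike-character technique Secunia describes, as an added example that is not part of the original article or the advisory: it decodes each hostname label from its ASCII `xn--` form and flags labels that mix scripts. The hostnames are constructed samples, and the script test (first word of the Unicode character name) is a simplifying assumption.

```python
import unicodedata

def script_of(ch):
    """Rough script bucket: first word of the Unicode character name (assumption)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def decode_label(label):
    """Turn an 'xn--' (punycode) label back into the characters the user would see."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(host):
    """Return (displayed_form, findings); findings lists (label, scripts) for mixed labels."""
    shown, findings = [], []
    for label in host.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            shown.append(label)
            findings.append((label, ["UNDECODABLE"]))
            continue
        shown.append(text)
        scripts = sorted({script_of(c) for c in text} - {"COMMON"})
        if len(scripts) > 1:  # e.g. one Cyrillic letter inside a Latin word
            findings.append((text, scripts))
    return ".".join(shown), findings

def to_ace(label):
    """Build the ASCII 'xn--' form of a label; used only to construct sample input."""
    return "xn--" + label.encode("punycode").decode("ascii")

# Constructed sample: Cyrillic U+0435 followed by Latin "xample".
SPOOF = to_ace("\u0435xample") + ".com"

if __name__ == "__main__":
    for host in (SPOOF, "www.example.com"):
        shown, findings = inspect_host(host)
        print(host, "->", shown, "| findings:", findings or "none")
```

A label written entirely in one non-Latin script passes this check, so it catches mixed-script lookalikes only, not whole-script ones.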