Home > Security News > Spoofing flaw in multiple browsers
Security News:
EMAIL THIS

Spoofing flaw in multiple browsers

By Bill Brenner, News Writer
07 Feb 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Attackers could exploit an unpatched security hole in multiple browsers to spoof the URL in your address bar and play similar tricks with SSL certificates and status bars, according to Secunia.

The Danish security firm labeled the vulnerability "moderately critical" and is offering a test users can run to see if their browsers are affected. The firm recommends users manually type URLs in the address bar and avoid links from untrusted sources.

The security hole is the "unintended result of the International Domain Name (IDN) implementation," which allows the use of international characters in domain names. "This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, thereby causing the user to believe they are on a trusted site," Secunia said in its advisory.

The vulnerability has been confirmed in the following products:

  • Opera 7.54u1 and 7.54u2
  • Netscape 7.2
  • Mozilla 1.7.5 and Firefox 1.0
  • OmniWeb 5.1
  • Safari 1.2.4
  • Konqueror 3.2.2.
Related news stories

Attacking the alternative: A look at Mozilla's Firefox browser

Injection flaw in popular browsers


Tags: Web Browser SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Web Browser Security
Exploit code targets Internet Explorer zero-day display flaw
InZero Systems launches hardware-based security gateway
Web security firm ranks Firefox, Safari browsers as flaw prone
Microsoft fixes security update that breaks Internet Explorer
Mozilla update repairs Firefox buffer overflow vulnerabilities
Kaspersky system analyzes malicious URLs on Twitter for malware
Silon malware intercepts Internet Explorer sessions, steals credentials
Do Facebook URL security concerns justify blocking social networks?
Phishing attacks to remain a major problem, say security experts
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
Web Browser Security Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
browser hijacker  (SearchSecurity.com)
cache cramming  (SearchSecurity.com)
cache poisoning  (SearchSecurity.com)
honey monkey  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
NCSA  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts