News Stay informed about the latest enterprise technology news and product updates.

Mozilla fixes security hole

Mozilla has fixed a spoofing flaw discovered in multiple browsers earlier this month.

Mozilla has fixed a security hole an attacker could exploit to spoof the URL in your address bar and play similar...

tricks with SSL certificates and status bars. The glitch was reported earlier this month in a variety of browsers.

Danish security firm Secunia said in an advisory that the vulnerability is "moderately critical." It has offered a test users can run to see if their browsers are affected. As a workaround, the firm recommended users manually type URLs in the address bar

More on browser security

Attacking the alternative: A look at Firefox

Spoofing flaw in multiple browsers

and avoid links from untrusted sources.

The security hole is the "unintended result of the International Domain Name (IDN) implementation," which allows the use of international characters in domain names. "This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, thereby causing the user to believe they are on a trusted site," Secunia said.

Secunia confirmed the condition in Mozilla 1.7.5, Firefox 1.0 and Thunderbird 1.0. Other versions may also be affected, the firm said. Mozilla has since fixed the problem in Firefox 1.0.1.

The same vulnerability was also found in:

  • Opera 7.54u1 and 7.54u2
  • Netscape 7.2
  • OmniWeb 5.1
  • Safari 1.2.4
  • Konqueror 3.2.2

Dig Deeper on Web browser security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.