Just Another Blog: Mozilla Spoofing Vulnerability

Wednesday, August 11, 2004

Mozilla Spoofing Vulnerability

Be careful when you're viewing webpages opened with JavaScript under Mozilla/Firefox: they may be fake!

The vulnerability is that Mozilla/Firefox is able to open XUL files in remote server. XUL is an XML format for user interfaces. It is a feature. But unfortunately someone can create an XUL that looks (and functions) like Mozilla/Firefox.

This trick only works for popup window if no taskbar and status bar. If you open the XUL with normal window or tab, you'll notice that it is fake. In case if you don't have Mozilla/Firefox (you should), here is a screenshot taken by me:

Beware when you are viewing popup page from untrusted sites. ;-)

0 Comments:

Note that troll and spam comments will be deleted without any notification.

Post a Comment

<< Home

About Me

Name: minghong

Location: Hong Kong, Hong Kong

An ordinary Hong Kong young man, graduated in computer science at City University of Hong Kong in 2005, who likes surfing, blogging and watching anime/manga. An evangelist of web standards, non-toy Databases, Mozilla, Google, Gmail, and Blogger.

Just Another Blog

Wednesday, August 11, 2004

Mozilla Spoofing Vulnerability

0 Comments:

About Me

Previous Posts