Just Another Blog

Are you thinking what I'm thinking?

Wednesday, August 11, 2004

Mozilla Spoofing Vulnerability

Be careful when you're viewing webpages opened with JavaScript under Mozilla/Firefox: they may be fake!

The vulnerability is that Mozilla/Firefox is able to open XUL files in remote server. XUL is an XML format for user interfaces. It is a feature. But unfortunately someone can create an XUL that looks (and functions) like Mozilla/Firefox.

This trick only works for popup window if no taskbar and status bar. If you open the XUL with normal window or tab, you'll notice that it is fake. In case if you don't have Mozilla/Firefox (you should), here is a screenshot taken by me:

Beware when you are viewing popup page from untrusted sites. ;-)


Note that troll and spam comments will be deleted without any notification.

Post a Comment

<< Home