PALMisLIFE 討論區

標題: [轉貼] Mozilla 和 Firefox 有漏洞囉!! [列印本頁]

作者: Katsuya 時間: 2005-2-17 21:05
標題: [轉貼] Mozilla 和 Firefox 有漏洞囉!!
轉自老神
詳情: http://secunia.com/advisories/14163/

Mozilla Products IDN Spoofing Security Issue

SECUNIA ADVISORY ID:
SA14163

發佈日期:
2005-02-07

最新更新:
2005-02-14

VERIFY ADVISORY:
http://secunia.com/advisories/14163/

嚴重性:
Moderately critical

WHERE:
From remote

作用:
Spoofing

受影響程式:
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x
Mozilla Thunderbird 0.x
Mozilla Thunderbird 1.x

DESCRIPTION:
Eric Johanson has reported a security issue in Mozilla / Firefox / Camino / Thunderbird, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.

The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.

This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_idn_spoofing_test/
(點選這個連接去測試看看你的瀏覽器會不會被騙)

The issue has been confirmed in Mozilla 1.7.5, Firefox 1.0 and Thunderbird 1.0. Other versions may also be affected.

解決方法:
不要點選來歷不明的網頁上的連接（這..）.
自己手動輸入連接 - （真累！）

作者: stelin21 時間: 2005-2-17 21:57
標題: Re: [轉貼] Mozilla 和 Firefox 有漏洞囉!!

Originally posted by Katsuya at 2005-2-17 09:05 PM:
受影響程式:
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x
Mozilla Thunderbird 0.x
Mozilla Thunderbird 1.x

其實Mac上的safari也有受到影響
opera跟Netscape也是....
其他的...上述的網頁還有提到

作者: sjackwu 時間: 2005-2-17 23:32
標題: Re: [轉貼] Mozilla 和 Firefox 有漏洞囉!!

Originally posted by Katsuya at 2005-2-17 08:05 AM:
解決方法:
不要點選來歷不明的網頁上的連接（這..）.
自己手動輸入連接 - （真累！）

應該是說
只要是連到需要輸入帳號密碼信用卡的網頁，一律重開視窗，用手動輸入網址或是用書籤…

歡迎光臨 PALMisLIFE 討論區 (http://f.pil.tw/)