Firefox SSL Spoofing.

By secgeeks - Posted on February 5th, 2008

Tagged:

142

vote

Firefox seems to have trouble with defining the proper hostname when requesting a ssl connection. I was able to trick Firefox in thinking the hostname behind the at-sign is legit and the same as the URI that requested an ssl connection, and this without a warning. Since it can fail numerous times, Firefox has a nice feature that asks oblivious surfers: Try again? at that moment the full rogue host has been localized in the url-bar. That surely leverages the attack scenario and gives attackers a shot in tricking surfers to perform dangerous actions like installing executables or just spoofing the target and phish for it. I also have the idea this is just the top of the Mozilla ice-berg, another field to explore.

Bookmark/Search this post with:

Trackback URL for this post:

http://secgeeks.com/trackback/1430

Similar entries

Recent blog posts

Newly Popular

Drupalit monthly

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Problem solved!!!!
30 weeks 4 days ago
New version here
33 weeks 1 day ago
thanks for sharing.
1 year 1 week ago
links
1 year 2 weeks ago
Link to preplay
1 year 2 weeks ago
so now you are on linkedin
1 year 18 weeks ago
Outlook Email search tool
1 year 34 weeks ago
nice tool..
2 years 24 weeks ago
Preplay for windows
2 years 26 weeks ago
yeah,foxit is god
2 years 28 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 6 guests online.

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Fake antivirus removal instructions

Partners

www.techmantras.com
Play Free Bingo at WikiBingo.co.uk
Find the latest Scratch Cards Games
Play bingo with no commitment-bingo winner.
Rent Sell Property
Post your Classified Ads for free
add your link here..