XUL (Mozilla/Firefox spoofing)


Pierre Lambion
07-30-2004, 09:17 AM
Hi,

Just read about this Firefox spoof: http://www.nd.edu/~jsmith30/xul/test/spoof.html
It is possible to use XUL (the base interface language of Mozilla) to seamlessly build an application that looks exactly like your browser and displays an apparently legitimate webpage.

Pretty well done I must say. A bigger hole probably and unfortunately than many security flaws found in our not so loved IE ...

Try it and take the time to see how far it goes: clicking on the status bar left security info icon for instance.

It works with Firefox only.

P.

madcompnerd
07-30-2004, 11:44 AM
This isn't a bigger hole, it requires social engineering. By definition, exploits that you can run without any social engineering are much bigger than those using social engineering.
Besides, if you have your JavaScript settings modified at all it fails. It just shows, you have to be careful with your money; and sites that handle it on the web.

timothykaine
07-30-2004, 11:48 AM
Originally posted by madcompnerd
It just shows, you have to be careful with your money; and sites that handle it on the web.

A fool and his money...

madcompnerd
07-30-2004, 01:35 PM
...are soon parted :D

timothykaine
07-30-2004, 01:54 PM
Originally posted by madcompnerd
...are soon parted :D

Which is why it costs 200 bucks for a copy of Windows. ;)

cybertron
07-30-2004, 02:19 PM
That is disturbing though, when you consider that there are people who will click on blatantly obvious viruses in their e-mail. On the other hand, I'm pretty sure that if a web page popped up an unrelated link to PayPal on me, I wouldn't be entering any sensitive information. :rolleyes:

JohnT
07-30-2004, 04:16 PM
PayPal has sent out numerous notices about this since it started appearing, approximately 10-12 mo. ago. I just have made it a habit not to respond, but rather initiate.