26 Jul
A new vulnerability has been reported in Mozilla and Mozilla Firefox that allows malicious sites to abuse the SSL certificates of other sites.
It is possible to make the browser load a valid certificate from a trusted website by using a specially crafted “onunload” event. The problem is that Mozilla loads the certificate from a trusted website and shows the “secure padlock” while actually displaying the content of the malicious website.
The address bar, however, still correctly shows the URL of the malicious website.
This has been confirmed using Mozilla Firefox 0.9.2 and Mozilla 1.7.1 on Windows and Mozilla Firefox 0.9.1 on Linux. Other versions may also be affected.
There is no patch yet.
As a temporary workaround, do not follow links from untrusted websites, and verify that the URL in the address bar matches the one in the SSL certificate.
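The manual check in the workaround above, written out as an added example (not code from Mozilla or from the original advisory): it compares the host in the address bar with the names in the certificate that the padlock presents. The function names and all hostnames are hypothetical, constructed for illustration.

```javascript
// Added example: "does the certificate behind the padlock belong to the
// site named in the address bar?" All hostnames are constructed samples.

// Match one certificate name against a host. A wildcard is honoured only
// as the entire left-most label, and it covers exactly one label.
function nameMatchesHost(certName, host) {
  const name = certName.toLowerCase().replace(/\.$/, "");
  const h = host.toLowerCase().replace(/\.$/, "");
  if (!name.includes("*")) return name === h;

  const nameLabels = name.split(".");
  const hostLabels = h.split(".");
  // Reject "*", "*.example", "w*.bank.example" and "www.*.example".
  if (nameLabels[0] !== "*" || nameLabels.length < 3) return false;
  if (nameLabels.slice(1).some((label) => label.includes("*"))) return false;
  if (nameLabels.length !== hostLabels.length) return false;
  return nameLabels.slice(1).join(".") === hostLabels.slice(1).join(".");
}

// addressBarUrl: the URL the browser displays.
// certNames: the DNS names listed in the certificate shown for the padlock.
function checkPadlock(addressBarUrl, certNames) {
  let url;
  try {
    url = new URL(addressBarUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };

  const host = url.hostname;
  const matched = certNames.find((n) => nameMatchesHost(n, host));
  if (matched) return { ok: true, host, matched };
  return { ok: false, host, reason: "certificate does not cover address-bar host" };
}

// The state described in the advisory: the address bar shows one site,
// the padlock's certificate belongs to another.
const trustedCertNames = ["www.bank.example", "bank.example"];
console.log(checkPadlock("https://attacker.example/login", trustedCertNames));
console.log(checkPadlock("https://www.bank.example/login", trustedCertNames));
```

A mismatch result corresponds to the case where the padlock should not be trusted, even though the certificate itself is valid.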
One Response for "Mozilla / Mozilla Firefox “onunload” SSL Certificate Spoofing"
In our modern society, for every person in business or with a career in most industries today, it is imperative to have a place in cyberspace, not just to be competitive but to survive. Web hosting companies were born out of this great need to provide an environment for the masses to own a piece of cyberspace, to offer an environment where people could have their piece of cyberspace on the internet 24/7 without the great cost.
Web hosting companies developed a model where they could split up areas on the servers connected to the backbone and “rent” this space, cutting the costs across many people sharing the server and backbone connection to the internet.
In a web-hosting environment, you are offered a web site to place your files, data, documents, and bulletins for people to access with their web browser and an email server for you to send and receive email messages. The web host will also provide you a means to get an address for people to get to your web site with a web browser and post email to you.
To obtain space in a web hosting environment you become a member and agree to terms and conditions of renting the space - just as if you were to rent a house or commercial premises for your business. Once you agree and become a member, you are given an access code, a key, to your piece of cyberspace. This key, in the form of a login and password, allows you to connect to the web hosting server and upload (transfer to) your web site so it can be accessed on the internet. Your login and password are also used to connect to a mail server to create and administer mailboxes to send and receive email for you, your staff, or family members.
Just like when you rent a house or commercial premises for your business, you have so many rooms, bathrooms, and floor space to use. In a web-hosting environment, your area is defined as disk space and network transfer.