Mozilla UI Spoofing Vulnerability

Short Circuit writes "Secunia has issued a security advisory for Mozilla and Firefox. Apparently, remote web sites can spoof the user interface using XUL. (See the Firefox proof of concept.) Of course, that won't stop me from using Firefox."

This is nothing...

[Anonymous Coward]

You think your Mozilla or FireFox has neat features like that?

Well my friend, my IE can beat your browser many times over!

HA!

Not another one!

[Nermal6693]

I've lost faith in Secunia, they seem to love pointing out security holes in open-source products. So I just ignore them now.

I'm using Firefox...

[Anonymous Coward]

so am I really seeing slashdot, or is someone trying to spoof me, while at the same time ironically warning me about said Firefox spoofs?

Re:I'm using Firefox...

[HoneyBunchesOfGoats]

You can tell that it's not the real slashdot because they got the colors all wrong.

Firefox, huh ?

[ElVirolo]

Of course, that won't stop me from using Firefox But then how do you know you ARE using the 'proper' Firefox if the interface is spoofed ?

Re:I'm using Firefox...

[King_of_Prussia]

I think I'm being spoofed, only a colourblind script-kiddie from Norway could have chosen a background colour this vomit-inducing.

Re:What the hell?

[tirenours]

And from the linked page, a gem that we shouldn't overlook:

"if you don't have Firefox (you should get it!)"

Re:I'm using Firefox...

[Pharmboy]

Depends, did you get a bunch of 500 and 503 errors? Then its the real Slashdot. Oh, and look for dupes on the front page, the spoof's don't do that.

This is a feature.....

[Anonymous Coward]

....to make former IE users feel at home...

Re:Not another one!

[Nermal6693]

But at 21, I'm too young to be a grandparent! ;)

Re:Fix the Colors!

[Anonymous Coward]

Mod me up if you hate the color scheme. Here's a fixed link using the "old" slashdot colors:

i really want to mod you up, but since i followed your link in mozilla, i don't dare log in, since i can't really be sure of what i'm looking at...

Re:Vulnerability?

[bcmm]

And here is a perfect reversal of how /. usually works. Someone says "I can do X with FireFox, but not in IE", and someone else points out how to do the same with IE...

Very, Very OT: Your Sig.

[Anonymous Coward]

"Making the moon less necessary since 1998"

Are you claiming to be so fat, that by sprinting around the equator, you can sustain tides and stabilise the Earth's attitude?

Re:I'm using Firefox...

[Anonymous Coward]

man...oh man. this reminds me of the time our "cio" first heard about ip spoofing back in 97.

for the next 3 months every problem was probably caused by "spoofing"...he drove us nuts with that bullshit.

so to fuck with him, we created fake security/vulnerability reports about a new threat: "goof balling"

we could barely keep from wetting our pants as he ran around for the next 3 months telling everyone "we are being goof balled"

Re:I'm using Firefox...

[dillee1]

Fuck, I thought that was the VGA cable getting loose again and tried to fix it.

Re:I'm using Firefox...

[Anonymous Coward]

You can download a fix here [microsoft.com]

After installing this, I am not vulnerable to this security threat.

Re:Firefox, huh ?

[Spunk]

I don't have to worry, I use Mozilla Superchicken.

Re:What the hell?

[Trailer Trash]

There are many, many people out there who continue to use IE, even after knowing there are alternatives and that IE has many security holes. So what? Why doesn't anybody label those people as "MS zealots"?

They do. You apparently missed the memo...