Информационная безопасность
[RU] switch to English


Обход защиты от фишинга в Firefox / Opera (protection bypass)
Опубликовано:6 февраля 2007 г.
Источник:
SecurityVulns ID:7190
Тип:удаленная
Уровень опасности:
2/10
Описание:Возможно обойти защиту от фишинга добавив "." к имени хоста или дополнительный "/" после имени.
Затронутые продукты:MOZILLA : Firefox 2.0
 OPERA : Opera 9.10
CVE:CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.)
 CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.)
 CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.)
 CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.)
Оригинальный текстdocumentKanedaaa Bohater, Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass. (06.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород