Phishing Protection Bypass in Mozilla Firefox 2.0.0.1
CVE-2007-0802

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser; Firefox
Vendor: CVE Published:; 7 February 2007

Summary

Mozilla Firefox 2.0.0.1 and certain subsequent versions contain a vulnerability that allows remote attackers to bypass its Phishing Protection mechanism by appending specific characters to the end of a domain name. This issue arises because the Phishing List blacklist filter fails to recognize the manipulation, leaving users at risk of being misled by fraudulent sites.

References

http://www.securityfocus.com/archive/1/459265/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://bugzilla.mozilla.org/show_bug.cgi?id=367538

x_refsource_MISC

http://osvdb.org/33705

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 7, 2007
Vulnerability Reserved
Feb 7, 2007