The latest version of Firefox is 0.9.2.

> The developers of Mozilla are currently looking into various
> methods to make a fake user interface more obvious. The most
> likely solution will be to force the status bar to always be
> visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2. The spoofed PayPal site (from http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide Firefox's status bar - so you get 2 status bars displayed. Even so, the site is incredibly convincing, and I suspect the average user would be understandably fooled.

Since the CERT recommendation, Mozilla browsers are gaining ground. Firefox is now the browser of choice throughout the company I work for. I suspect the best defence will be to block all XUL on the proxy.

Marc Deglos.

----- Original Message -----
From: "David Ahmad" <da@xxxxxxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)