Fresco suffers IE URL bugBy Chris Williams. Published: 17th Dec 2003, 14:26:35 | Permalink | Printable
Don't get spoofedSecurity A recently discovered bug in Microsoft's Internet Explorer allows anyone to maliciously fake the URL shown in the address bar, in order to gain the user's trust. As revealed by Michael Poole, the RISC OS browser Fresco is also susceptible to this vulnerability.
Exploiting this flaw, fraudsters could create websites that are designed to collect sensitive information from net users, while disguising the rogue webpages as official websites. Web surfers are being warned to not follow links from untrusted sources.
While Fresco 2.13 was shown to be vulnerable, Oregano 1 and 2 and Browse both reject the malformed URLs used in the exploit.
Internet Explorer URL Spoofing Vulnerability details - includes online test
IE bug provides phishing tool from ZDnet
Previous: MyRISCOS re-organisation details leaked
Next: ViewFinder firmware confusion settled
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
ROS used in secure gadget network research
Uni boffins' lab includes A9home and Iyonix
3 comments, latest by knutson on 19/11/06 4:30AM. Published: 17 Nov 2006
Aemulor's brief Windows affair discovered
One lucky user stumbles on hidden relationship
22 comments, latest by Grek1 on 22/12/03 12:51AM. Published: 19 Dec 2003
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •