Fresco suffers IE URL bugBy Chris Williams. Published: 17th Dec 2003, 14:26:35 | Permalink | Printable
Don't get spoofedSecurity A recently discovered bug in Microsoft's Internet Explorer allows anyone to maliciously fake the URL shown in the address bar, in order to gain the user's trust. As revealed by Michael Poole, the RISC OS browser Fresco is also susceptible to this vulnerability.
Exploiting this flaw, fraudsters could create websites that are designed to collect sensitive information from net users, while disguising the rogue webpages as official websites. Web surfers are being warned to not follow links from untrusted sources.
While Fresco 2.13 was shown to be vulnerable, Oregano 1 and 2 and Browse both reject the malformed URLs used in the exploit.
Internet Explorer URL Spoofing Vulnerability details - includes online test
IE bug provides phishing tool from ZDnet
Previous: MyRISCOS re-organisation details leaked
Next: ViewFinder firmware confusion settled
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
Manchester RISC OS Jaunt
Martin Hansen does Northern dealers
21 comments, latest by Anon on 3/1/04 9:06PM. Published: 21 Dec 2003
ARM plays hand, reveals 1GHz plans
More mobile, more powerful, more Intel rattling
38 comments, latest by Col1 on 10/10/05 09:49AM. Published: 5 Oct 2005
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •