Fresco suffers IE URL bugBy Chris Williams. Published: 17th Dec 2003, 14:26:35 | Permalink | Printable
Don't get spoofedSecurity A recently discovered bug in Microsoft's Internet Explorer allows anyone to maliciously fake the URL shown in the address bar, in order to gain the user's trust. As revealed by Michael Poole, the RISC OS browser Fresco is also susceptible to this vulnerability.
Exploiting this flaw, fraudsters could create websites that are designed to collect sensitive information from net users, while disguising the rogue webpages as official websites. Web surfers are being warned to not follow links from untrusted sources.
While Fresco 2.13 was shown to be vulnerable, Oregano 1 and 2 and Browse both reject the malformed URLs used in the exploit.
Internet Explorer URL Spoofing Vulnerability details - includes online test
IE bug provides phishing tool from ZDnet
Previous: MyRISCOS re-organisation details leaked
Next: ViewFinder firmware confusion settled
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
An introduction to IP networks
Part one of masking the 'net
10 comments, latest by Umair on 9/9/04 10:11PM. Published: 4 Sep 2004
South East show news round up
What's going down on Saturday - Select ROMs? Cino? Networked VRPC-SE?
7 comments, latest by Snig on 18/10/03 9:05PM. Published: 16 Oct 2003
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •