On Mon, Feb 07, 2005 at 04:00:42PM -0600, Joe Morris (NTM) wrote:
Marcus Meissner wrote:
On Mon, Feb 07, 2005 at 09:22:44PM +0100, Richard Farla wrote:
Many browser's like Netscape,Firefox,Konquerer can be spoofed at the url-adreslocator, see:
We are working on this issue and release patches if we have them.
Just for reference, Mozilla 1.7.5 x86_64 [Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041220] did not pop up a window (error message about not finding www.paypal.com was what happened), so I guess it is NOT vulnerable. --
It could be that your DNS is not resolving the fake www.paypаl.com (the letter before l is not "a") and not that mozilla is not vulnerable. Here, www.paypаl.com resolves to 198.41.1.35, while real www.paypal.com resolves to 216.113.188.34 216.113.188.64 216.113.188.33 216.113.188.65 216.113.188.66 216.113.188.35 Cut and paste this string into a shell (do not retype it) and see what it returns: dig www.paypаl.com For comparison, I am getting this: ; <<>> DiG 9.2.4 <<>> www.paypаl.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58955 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.payp\208\176l.com. IN A ;; ANSWER SECTION: www.payp\208\176l.com. 586 IN A 198.41.1.35 ;; Query time: 2 msec ;; SERVER: 172.21.1.126#53(172.21.1.126) ;; WHEN: Mon Feb 7 16:51:15 2005 ;; MSG SIZE rcvd: 49 -Kastus