Microsoft Internet Explorer 8 - Anti Spoofing is a Myth

2009.04.02

Credit: Aditya K Sood

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

With the new features implemented in IE 8, the status address bar has been transformed too. The new step taken by Microsoft IE team that is not to show the address of selected link in a status bar can have a serious impact. A user will not be able to see the active link in the status bar. This looks like to be an implementation of security solution with an obscurity. Status bar
is required for Link Integrity check that assures a user about the legitimate website. We are not considering the ingrained vulnerabilities of status address bar spoofing in browsers at this point of time. Browsers like MOZILLA, Chrome etc are having well designed and effective status address bars.

For detail issue : http://www.secniche.org/ie_spoof_myth/


Regards
Aditya K Sood
http://www.secniche.org

References:

http://seclists.org/bugtraq/2009/Apr/0004.html

http://www.secniche.org/ie_spoof_myth/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Internet Explorer 8 - Anti Spoofing is a Myth

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.