Zonk from the please-keep-the-fox-in-the-pen dept.
hairyfeet writes "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 184.108.40.206 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.'"
The perversity of nature is nowhere better demonstrated by the fact that, when
exposed to the same atmosphere, bread becomes hard while crackers become soft.