You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0) > MFSA 2005-04

Mozilla Foundation Security Advisory 2005-04

Title: Secure site lock can be spoofed with view-source:
Severity: Low
Reporter: Kohei Yoshino
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0
  Mozilla Suite 1.7.5

Description

Kohei Yoshino reports the secure site lock icon can be spoofed by using a view-source: URL targetted at the secure site whose credentials you want to appropriate. An insecure page of the attackers choice can then be loaded while the lock icon shows the previous secure state.

This could potentially be abused by phishers to make their fake login sites appear more authentic.

Workaround

Upgrade to fixed version

References

https://bugzilla.mozilla.org/show_bug.cgi?id=262689