 hpguruCurb Your DogmaPremium
join:2002-04-12
1 edit | reply to bcool
Re: [Extension] IE Tab, replaces IE View I found a phishing type vulnerability in this extension which could be pretty serious if it takes advantage of an unpatched IE vulnerability. Who should I report it to? I have a pretty simple POC too.
Edit: Changed the word "exploit" to "vulnerability".
--
Get hpHOSTS! Member ASAP
The Bush Era is over. The Bush Error is not. |
|
|
|
 bcoolPremium
join:2000-08-25
The Ozarks
1 edit | said by hpguru:I found a phishing type exploit in this extension which could be pretty serious if it takes advantage of an unpatched IE exploit. Who should I report it to? I have a pretty simple POC too. That is to say that the phishing type exploit exists in the IEView extension, correct? If so, I would start with developer(s) of IEView.
You may also want to mention it to IETab developer here
»forums.mozillazine.org/viewtopic···f6a6b542 |
|
hpguruCurb Your DogmaPremium
join:2002-04-12 | said by bcool:That is to say that the phishing type exploit exists in the IEView extension, correct? If so, I would start with developer(s) of IEView. You may also want to mention it to IETab developer here » forums.mozillazine.org/viewtopic···f6a6b542 Yes it is because if my POC is opened in IE the correct url will be displayed in the address bar. If the POC is opened in FF and IE Tab is subsequently activated by the user the correct url is not displayed. It does change but it is of the form
chrome://ieview/content/reloaded.html?url=ORIGINAL_URL.
Switching back to the FF view redisplays the unmodified original url.
Do you have an email address for the author? I'd rather not register there just to report this.
--
Get hpHOSTS! Member ASAP
The Bush Era is over. The Bush Error is not. |
|
