CVE-2007-0802 Information

Description

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name as demonstrated by the .\ and /\ characters which is not caught by the Phishing List blacklist filter.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php http://osvdb.org/33705 http://www.securityfocus.com/archive/1/459265/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367538