Select Page

We have not seen any cases of this exploit in the wild, but there’s a proof of concept at the Secunia site and it’s something to be aware of.

There is a new exploit which allows hackers to obfuscate the real URL being shown, useful for phishing attacks. This is a practice called address bar spoofing, and enables the hacker to make an address bar show a different URL than what is actually loading.  This particular exploit creates a race condition between a Macromedia Flash file and web content being loaded.

In a test available at Secunia, Google is showing, but the page is different:


The way to mitigate this exploit is to turn off active scripting, which is also a valid mitigator for the currently active “createTextRange()” vulnerability (in fact, turning off Active Scripting in general is a very good idea, if you can handle the hassle). 

Suzi over at Spywarewarrior told me that she had success mitigating the exploit by simply setting “Allow sub-frames to navigate across different domains”  to Disable (or Prompt).  Screen shot below:


I tested this fix and it works on this test case, but there are no guarantees.   Disabling Active Scripting is your best bet.

Secunia advisory here via CNET.

Alex Eckelberry