Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
#1
Quote:
[Image: firefox_patch.jpg]

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.
 
The patch was part of the non-profit’s Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.

Tracked as CVE-2021-23998, the secure-lock-icon bug effects both the consumer and corporate versions of Firefox browsers prior to the Monday releases. “Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page,” wrote Mozilla in its security advisory.

 Credited for discovering the spoofed secure lock icon is independent researcher Jordi Chancel, who on December 10, 2020 tweeted “I discovered again a new SSL Spoofing Issue (and others variohttps://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998us security issues last 2 months)”. The vulnerability has a severity rating of moderate, Mozilla reported.
 
The browser padlock icon, used by all major browsers, indicates a secure communication channel between the browser and the server hosting the website. It indicates the communication is encrypted using HTTPS and utilizes an SSL/TLS certificate.


Read more: Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Malwarebytes may not be allowed to label rival's app as 'potentially unwanted' mrtrout 0 663 06-07-2023 , 04:14 PM
Last Post: mrtrout
  Firefox 98.0.2 fixes a crash on Windows, an add-ons issue, and more Mohammad.Poorya 0 1,761 03-23-2022 , 03:09 PM
Last Post: Mohammad.Poorya
  Google releases Chrome 90 with HTTPS by default and security fixes Imran 0 1,169 04-15-2021 , 03:00 PM
Last Post: Imran
  10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express Bjyda 0 1,287 02-23-2021 , 11:16 PM
Last Post: Bjyda
  BIND implements DNS over HTTPS to offer enhanced privacy Bjyda 0 806 02-19-2021 , 11:04 PM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)