Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix
#1
Quote: Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.

This wouldn't be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007.

The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain. This results in the iframe showing an authentication modal on the malicious site, like the one below.
....
.....
Sure, Mozilla is an open source project, and it doesn't have unlimited resources to handle all the reported issues, but you'd think that after more than 11 years a Firefox engineer would find the time to fix an actively exploited issue.


https://www.zdnet.com/article/malicious-...ed-to-fix/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ransomware gangs abuse Process Explorer driver to kill security software mrtrout 0 424 04-20-2023 , 07:56 PM
Last Post: mrtrout
  Piracy sites make more than $1 .3 billion from malicious and real ads mrtrout 0 506 08-13-2021 , 07:19 AM
Last Post: mrtrout
  Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock Mohammad.Poorya 0 989 04-21-2021 , 07:08 PM
Last Post: Mohammad.Poorya
  Compromised Credentials Show That Abuse Happens in Multiple Phases Bjyda 0 941 02-17-2021 , 09:55 PM
Last Post: Bjyda
  Telegram privacy feature failed to delete self-destructing video files Mohammad.Poorya 0 752 02-14-2021 , 07:23 PM
Last Post: Mohammad.Poorya

Forum Jump:


Users browsing this thread: 1 Guest(s)