New Firefox iFrame Bug Bypasses URL Protections

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on Tuesday August 17, 2010 @01:48AM from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

5 of 118 comments (clear)

Sigh... by Anonymous Coward · 2010-08-17 01:54 · Score: 2, Funny

When will people finally migrate away from Windows, IE and all the security flaws?
Wait a sec...
Re:Once again, kids by PolygamousRanchKid+ · 2010-08-17 02:01 · Score: 3, Funny

...ignore the temptation to smack that bear (or whatever flash ads are doing nowadays)
I think the expression that you are looking for is spank that monkey.

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
This does not affect my Firefox version by rshxd · 2010-08-17 02:06 · Score: 5, Funny

I run a Mac and Macs are clearly immune from this because we do not get hacked nor get viruses. Brb, downloading this .pdf someone just sent me. I don't know who they are but I think I won some kind of lottery
Re:Once again, kids by jbarr · 2010-08-17 02:16 · Score: 5, Funny

You're the 30,000th person today who has been told they are the one millionth visitor.
Cool! What do I win?!?

--
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
Re:iFrame? by WrongSizeGlass · 2010-08-17 02:27 · Score: 3, Funny

iFrames are commonly used to iNfect websites. iT's not always put there by the web designer.