Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on Tuesday August 17, 2010 @01:48AM from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

1 of 118 comments (clear)

Min score:

Reason:

Sort:

Re:I'm missing something by smalltux · 2010-08-17 02:42 · Score: 5, Informative

The blog post that TFA refers to should be this one:
http://blog.armorize.com/2010/08/iframes-and-url-stringency-mozilla.html

(Yea, their typing skills don't impress me either.)

That in turn links to a BugZilla entry, though it's locked down at the moment.