Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

4 of 118 comments (clear)

  1. iFrame? by plover · · Score: 3, Insightful

    "iFrame"? Seriously? Of all the possible choices of camelCasing you could have picked from, "iFrame" is the only one that describes an Apple video format for the iPhone.

    When referencing the inline frame HTML element, it's a lot clearer to use "iframe", "IFRAME", or even "IFrame".

    --
    John
  2. Once again, kids by Pojut · · Score: 4, Insightful

    Never click on a URL within an email to take you to a website...always go directly to the website yourself.

    Also, use some common sense. You're the 30,000th person today who has been told they are the one millionth visitor...ignore the temptation to smack that bear (or whatever flash ads are doing nowadays)

    --
    Living With a Nerd
  3. Re:This does not affect my Firefox version by eulernet · · Score: 3, Insightful

    What ? Slashdot works on a Safari browser ?

  4. Re:Step One: Uninstall Windows by Tim+C · · Score: 3, Insightful

    Or relevant, given the flaw is in Firefox.

    --
    It's official. Most of you are morons.