Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

4 of 118 comments (clear)

  1. Re:iFrame? by Anonymous Coward · · Score: -1, Offtopic

    "iFrame"? Seriously? Of all the possible choices of camelCasing you could have picked from, "iFrame" is the only one that describes an Apple video format for the iPhone.

    When referencing the inline frame HTML element, it's a lot clearer to use "iframe", "IFRAME", or even "IFrame".

    iFrame? Seriously? Of all the possible choices of complaining about things you could have picked from, "iFrame" is the one you are going with? How about "14 million people effected by floods in Pakistan", "2 million AIDS deaths per year" or even any other issue that is actually relevant.

    Oh, sorry. I'm off topic. /sarcasm

  2. Re:Once again, kids by Anonymous Coward · · Score: -1, Offtopic

    In Soviet Russia, the monkey spanks himself.

  3. Re:iFrame? by Anonymous Coward · · Score: -1, Offtopic

    Plover could you take Steve Jobs' wrinkled old iPecker from out of your mouth please - it is thoroughly improper.

  4. mod 0P by Anonymous Coward · · Score: -1, Offtopic

    to place a pa+per The last night of