Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

2 of 118 comments (clear)

  1. One word. by carp3_noct3m · · Score: 0, Troll

    NOSCRIPT

    --
    "It's ok, I'm completely secure as long as my iron is off"
  2. Re:iFrame? by beelsebob · · Score: 1, Troll

    (Score:-1, Just Plain Bollocks)

    Since when does apple have a video format called iFrame. Last I checked apple had no video codecs, and only one video container format called mov, and as far as supporting other people's codecs and containers supported only MPEG4, h264 and mp4 other than their own mov.

    Given that nothing factual in your post is correct, the only thing I can assume is that you're simply taking the opportunity to yell "oh my god, someone made me think of apple, now I've lost 'the game'". There's a word for people who do that – it's troll. Shit, now I've fed the troll :(.