Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox iFrame Bug Bypasses URL Protections

Posted by CmdrTaco on from the is-nothing-safe-any-more dept.

Trailrunner7 writes "There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information."

3 of 118 comments (clear)

  1. This does not affect my Firefox version by rshxd · · Score: 5, Funny

    I run a Mac and Macs are clearly immune from this because we do not get hacked nor get viruses. Brb, downloading this .pdf someone just sent me. I don't know who they are but I think I won some kind of lottery

  2. Re:Once again, kids by jbarr · · Score: 5, Funny

    You're the 30,000th person today who has been told they are the one millionth visitor.

    Cool! What do I win?!?

    --
    My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
  3. Re:I'm missing something by smalltux · · Score: 5, Informative

    The blog post that TFA refers to should be this one:
    http://blog.armorize.com/2010/08/iframes-and-url-stringency-mozilla.html

    (Yea, their typing skills don't impress me either.)

    That in turn links to a BugZilla entry, though it's locked down at the moment.