Firefox About:Blank Vulnerability Could Expose You to Hackers

Firefox is incredibly popular nowadays, with some people saying that
it's even more popular than Microsoft's Internet Explorer, the default
browser integrated into the Windows operating system. However, being
extremely popular doesn't necessarily mean that you're also 100 percent
safe, as has been proved by numerous security glitches spotted in
Mozilla's browser. Today, a new but minor glitch has been detected in
Firefox, although security experts say that only older versions of the
application are affected.

"Mozilla Firefox is prone to a vulnerability that may allow attackers
to spoof browser windows. This occurs because of a flaw in the security
model of the application's JavaScript engine. Successfully exploiting
this issue may allow attackers to spoof legitimate websites in a manner
that may be difficult for unsuspecting users to differentiate between
them. This may aid in phishing or other social-engineering attacks,"
SecurityFocus wrote about the "About:Blank Spoof Vulnerability."

What's worse is that this security glitch could be used in phishing
scams or other types of dangerous attacks on the Internet. Michal
Zalewski, who disclosed the vulnerability, wrote that taking advantage
of this flaw may allow a potential phisher to lead the user to
malicious websites, which could then be used to trick the user into
disclosing private details.

"Having text displayed in a window that has an empty URL bar can
confuse the user as to the origin of the displayed data or security
prompts, as if they were internal browser messages; an empty address
bar is considerably less suspicious than a shady host name or a
panic-inducing data: URL scheme," he wrote in an advisory published on SecurityFocus a few months ago when he first discovered the problem.

As usual, updating to the latest version of Mozilla Firefox is one of
the easiest ways to stay on the safe side, so all you need to do is
download and install the latest release of the browser.

[Source: softpedia]
