Minor security flaw found in Firefox

May 28, 2008 08:17 GMT

Firefox is incredibly popular nowadays, with some people saying that it's even more popular than Microsoft's Internet Explorer, the default browser integrated into the Windows operating system. However, being extremely popular doesn't necessarily mean that you're also 100 percent safe, as numerous security glitches spotted in Mozilla's browser have shown. Today, a new but minor glitch has been detected in Firefox, although security experts say that only older versions of the application are affected.

"Mozilla Firefox is prone to a vulnerability that may allow attackers to spoof browser windows. This occurs because of a flaw in the security model of the application's JavaScript engine. Successfully exploiting this issue may allow attackers to spoof legitimate websites in a manner that may be difficult for unsuspecting users to differentiate between them. This may aid in phishing or other social-engineering attacks," SecurityFocus wrote about the "About:Blank Spoof Vulnerability."

What's worse is that this security glitch could be used in phishing scams or other types of dangerous attacks on the Internet. Michal Zalewski, who disclosed the vulnerability, wrote that taking advantage of this flaw may allow a potential phisher to lead the user to malicious websites, which could then be used to trick him into disclosing private details.

"Having text displayed in a window that has an empty URL bar can confuse the user as to the origin of the displayed data or security prompts, as if they were internal browser messages; an empty address bar is considerably less suspicious than a shady host name or a panic-inducing data: URL scheme," he wrote in an advisory published on SecurityFocus a few months ago when he first discovered the problem.

As usual, updating to the latest version of Mozilla Firefox is one of the easiest ways to stay on the safe side, so all you need to do is download and install the latest release of the browser.