Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Firefox About:Blank Vulnerability Could Expose You to Hackers

Minor security flaw found in Firefox

By Bogdan Popa, Security and Search Engines Editor

28th of May 2008, 08:17 GMT

Adjust text size:


Mozilla Firefox
Enlarge picture
Firefox is incredibly popular nowadays, some people saying that it's even more popular than Microsoft's Internet Explorer, the default browser integrated
into the Windows operating system. However, being extremely popular doesn't necessarily mean that you're also 100 percent safe as it has been proved by numerous security glitches spotted in Mozilla's browser. And today, a new but minor glitch has been detected in Firefox, but security experts say that only older versions of the application are affected.

"Mozilla Firefox is prone to a vulnerability that may allow attackers to spoof browser windows. This occurs because of a flaw in the security model of the application's JavaScript engine. Successfully exploiting this issue may allow attackers to spoof legitimate websites in a manner that may be difficult for unsuspecting users to differentiate between them. This may aid in phishing or other social-engineering attacks," SecurityFocus wrote about the "About:Blank Spoof Vulnerability."

What's worse is that this security glitch could be used in phishing scams or other types of dangerous attacks on the Internet. Michal Zalewski, who disclosed the vulnerability, wrote that taking advantage of this flaw may allow a potential phisher to lead the user on malicious websites which could be then used to trick him into disclosing private details.

"Having text displayed in a window that has an empty URL bar can confuse the user as to the origin of the displayed data or security prompts, as if they were internal browser messages; an empty address bar is considerably less suspicious than a shady host name or a panic-inducing data: URL scheme," he wrote in an advisory published on SecurityFocus a few months ago when he first discovered the problem.

As usual, updating to the latest version of Mozilla Firefox is one of the easiest ways to stay on the safe side, so all you need to do is to download and install this release of the browser.

TAGS:

 security | firefox | mozilla | vulnerability


Rating:
Fair (2.6/5) 3 vote(s) so far    

Read by 1,438 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Virus Found in Firefox 2 Plug-in

Firefox 3.0 Release Candidate 1 (RC1/Final) Code Complete

Download Firefox 3.0 Release Candidate 1 (RC1)

What Freezes the System: Firefox or ext3?

Introducing Firefox 3.1 Pre-Alpha 1

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive