New Flaw in Firefox Could Enable Phishing Attacks

There is a new vulnerability in Firefox that enables an attacker to open a new tab in a victim’s browser with a spoofed URL. The vulnerability is found in all current versions of Firefox and Mozilla does not have a patch for the problem yet.

There is a new vulnerability in Firefox that enables an attacker to open a new tab in a victim’s browser with a spoofed URL. The vulnerability is found in all current versions of Firefox and Mozilla does not have a patch for the problem yet.

The vulnerability would be useful for attackers in a phishing attack, given the ability to spoof the URL in the new tab or window. From the Mozilla blog entry on the bug:

If a user visits a page hosting this malicious code, a new window or tab can be opened with a faked URL.  There is no way of determining if the URL is authentic.  This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.

Mozilla said it is working on a fix for the problem, but did not disclose a time line for releasing a patch.

Suggested articles

The Promise and Peril of 5G

As the hype at CES demonstrates, 5G is the newest and shiniest tech bauble out there: but security concerns loom.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.