New Flaw in Firefox Could Enable Phishing Attacks

There is a new vulnerability in Firefox that enables an attacker to open a new tab in a victim’s browser with a spoofed URL. The vulnerability is found in all current versions of Firefox and Mozilla does not have a patch for the problem yet.

There is a new vulnerability in Firefox that enables an attacker to open a new tab in a victim’s browser with a spoofed URL. The vulnerability is found in all current versions of Firefox and Mozilla does not have a patch for the problem yet.

The vulnerability would be useful for attackers in a phishing attack, given the ability to spoof the URL in the new tab or window. From the Mozilla blog entry on the bug:

If a user visits a page hosting this malicious code, a new window or tab can be opened with a faked URL.  There is no way of determining if the URL is authentic.  This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.

Mozilla said it is working on a fix for the problem, but did not disclose a time line for releasing a patch.

Suggested articles

Newsmaker Interview: Scott Helme on Securing the Web

Threatpost sat down with Helme to discuss the state of web security, including certificate transparency, HTTPS deployment, Let’s Encrypt, content security policy and HTTP strict transport security.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.