Security News Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/
Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.

This wouldn't be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007.

The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain. This results in the iframe showing an authentication modal on the malicious site, like the one below.
....
.....
Click to expand...
Sure, Mozilla is an open source project, and it doesn't have unlimited resources to handle all the reported issues, but you'd think that after more than 11 years a Firefox engineer would find the time to fix an actively exploited issue.
Click to expand...
 
  • Like
Reactions: vtqhtr413, DeepWeb, KonradPL and 11 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Replies
1
Views
1,514
News Archive
nicolaasjan
nicolaasjan
CyberTech
    • Like
New Update Why we’re renaming ‘Firefox accounts’ to ‘Mozilla accounts’
Replies
1
Views
504
Firefox
sartic
sartic
Ink
    • Like
    • Wow
Apple security researcher failed to disclose a 0-day Chrome exploit to Google; misses out on $10,000 reward
Replies
0
Views
1,623
News Archive
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top