web analytics

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

 

December 8th 2018, By Catalin Cimpanu

 

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.

 

This wouldn’t be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren’t abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007.

 

The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain. This results in the iframe showing an authentication modal on the malicious site, like the one below.

 

firefox-authentication-demo.png

 

Full Article.






Take a look at the best antivirus, anti-malware, anti-spy, etc. software