New Firefox flaws exploit pop-ups, phishing hole
Chicago (IL) - A pair of new flaws in Mozilla’s Firefox browser have found ways around the security infrastructure to fool the system and open up user PCs to potential attacks, according to a report published this week by SecuriTeam.
The first flaw affects Firefox users who have manually disabled pop-up windows. Through a hole in the browser, an intelligent hacker can find a way to disable a specific security check on a user’s computer, and bring up a fake permission screen asking the user to allow a pop-up to, for example, access a video or download. Upon allowing the pop-up, the hacker could then access the victim’s computer and steal personal information.
The second flaw concerns the phishing protection in Firefox. According to SecuriTeam, there is a fairly easy way to circumvent the browser’s phishing filter, by just adding specific characters into the URL of the site.
The phishing exploit affects users of the latest version of the browser, Firefox 2.0, though it is unclear at this time if the pop-up flaw can be executed in the new version. Users of older editions of Firefox are vulnerable to both flaws.
- IBM may outsource Power server production to Taiwan
- 2 GB DDR2 modules may not be mainstream until 2008
- Sony Ericsson W610 Walkman phone fuses phone, music, and digital camera in one
- Windows Mobile 6 Announced
- Apple To Ditch HDD In Favor Of All-Flash iPods
- Mac Pack Cries Foul Of "Vista Tax"
- TechDarling - Shiver Me Timbers
- Nvidia to turn Sideshow into a major attraction
- Comcast and Facebook partner to make "Facebook Diaries"
- Samsung Announces Its iPhone Killer, The Ultra Smart F700
- PDA market continues dramatic decline
- Microsoft to open Xbox Gamerscore rewards program
- Ricoh 500SE Digital Camera With WiFi, GPS, Kitchen Sink
- Microsoft unveils Windows Mobile 6 OS
- Nvidia posts game profiles
- Mobile ESPN comes back through Verizon
- Samsung to pay more for DRAM price fixing
- Circuit City to close dozens of stores
