A serious flaw in how Firefox handles log-ons could be used by identity thieves to dupe users into disclosing passwords, a security researcher says. Aviv Raff, an Israeli researcher best known for ferreting out browser flaws, revealed the Firefox spoofing vulnerability on his personal blog. Mozilla Corp.s most current version of the browser fails to sanitize single quotation marks and spaces in the “Realm” value of an authentication header. Raff outlined a pair of possible attack vectors, including a malicious site that included a link to a trusted site.”]
Source: https://www.csoonline.com/article/2122484/computerworld–firefox-hit-with-spoofing-bug.html