Blog | G5 Cyber Security

New Firefox Flaw Enables URL Spoofing, Code Injection

Security researcher Michal Zalewski has identified a problem with the way that Mozilla Firefox handles links that are opened in a new browser window or tab. The vulnerability, which Mozilla has fixed in the upcoming version 3.6.4 of Firefox, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers. The harder way is to use a URL that legitimately returns HTTP 204; the easier way is simply to call window.stop().

Source: https://threatpost.com/new-firefox-flaw-enables-url-spoofing-code-injection-062210/74138/
