Firefox Vulnerability – known about for 17 years

Firefox Vulnerability that gets people to unwittingly click on something so hackers can steal your info

While many consider ditching Google, including its web browser Chrome, due to privacy concerns and in response to recent actions, Firefox has been one of the primary alternative options. A recent Firefox exploit demonstration that uses a combination of a malicious HTML file, clickjacking, an iframe and SSH bugs may change that. (Proof of Concept video)

While news of another broad-based vulnerability is not surprising, the fact that it’s been known about for 17 years is startling! Put simply, it’s now known that this weakness allows a hacker to access all files in the folder that contains the malicious HTML file you unwittingly downloaded and didn’t realize you clicked on, and in that folder’s subfolders. Previously this was not seen as an issue and was used in SOP (Same-Origin Policy, which is considered a critical security mechanism), which allows scripts to access files in the same local location, speeding things up for your browsing pleasure. This is now a major issue after a researcher, Barak Tawily, found a way to remotely gain access to these files, steal them and transfer them to a remote server. While Barak is the first to publicly disclose information about this vulnerability, who’s to say that others haven’t used it in the past? In 2015 a similar vulnerability within SOP was found being used in the wild.
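To see what that reach means on your own machine, here is a small audit script, added as an example and not taken from the researcher or from Mozilla. It lists, for every HTML file under a folder, the other files that sit in the same folder or its subfolders; the sample folder layout and all function names are made up for the illustration.

```python
import os
import tempfile
from pathlib import Path

HTML_SUFFIXES = {".html", ".htm"}

def files_in_reach(html_file):
    """Files in the HTML file's own folder and its subfolders: the reach described above."""
    reach = []
    for dirpath, _dirs, names in os.walk(html_file.parent):
        for name in names:
            candidate = Path(dirpath) / name
            if candidate != html_file:
                reach.append(candidate)
    return reach

def exposure_report(root):
    """Map each HTML file under root to the files a script inside it could read."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if Path(name).suffix.lower() in HTML_SUFFIXES:
                html = Path(dirpath) / name
                key = html.relative_to(root).as_posix()
                report[key] = sorted(
                    p.relative_to(root).as_posix() for p in files_in_reach(html))
    return report

def build_sample_tree(root):
    """Constructed sample layout standing in for a user's home directory."""
    for rel in ["Downloads/invoice.html", "Downloads/notes.txt",
                "Downloads/taxes/2018.pdf", "Documents/keys/id.txt",
                "Documents/quarantine/page.html"]:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("sample")

def demo():
    """Build the sample tree in a temp dir and return its exposure report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return exposure_report(root)

if __name__ == "__main__":
    for html, reach in demo().items():
        print(f"{html}: {len(reach)} file(s) in reach")
        for item in reach:
            print(f"    {item}")
```

In the sample, the HTML file saved straight into Downloads can reach everything else in Downloads, while the one opened from an otherwise empty folder reaches nothing.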

The response from Mozilla seemed to downplay the risk and leads one to believe there are no plans to fix the issue. So, what can you do? At this point, it’s best to just not use Firefox until they find a way to fix this. Why? Just going to a website that contains the malicious HTML file can easily fool a person into clicking on things, like something that looks like, but is not actually, one of those “Do you want to allow this site to give notifications?” “Allow/Deny” prompts (kind of like the one you likely clicked when you accessed this article – and no, we didn’t code ours to be malicious…). Just clicking that can give the hacker access, and you’re none the wiser.

For more in-depth information: https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html
