A potential flaw in the way Firefox web browser handles log-ons could be used by identity thieves to dupe users into disclosing passwords, a leading security researcher has warned.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
According to Aviv Raff, an Israeli researcher, the flaw in Firefox 22.214.171.124 - Mozilla's latest version - could redirect the username and password entered by the user to the hacker's server instead of the real one.
An attacker could also create a web page with a link to a trusted website (for example, a bank, a PayPal account, webmail, etc.). When the victim clicks on the link, the trusted web page will be opened in a new window, and a script will be executed to redirect the new opened window to the attacker's web server, which will then return the specially crafted basic authentication response.