A potential flaw in the way Firefox web browser handles log-ons could be used by identity thieves to dupe users into disclosing passwords, a leading security researcher has warned.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
According to Aviv Raff, an Israeli researcher, the flaw in Firefox 18.104.22.168 - Mozilla's latest version - could redirect the username and password entered by the user to the hacker's server instead of the real one.
An attacker could also create a web page with a link to a trusted website (for example, a bank, a PayPal account, webmail, etc.). When the victim clicks on the link, the trusted web page will be opened in a new window, and a script will be executed to redirect the new opened window to the attacker's web server, which will then return the specially crafted basic authentication response.