“There is a newly discovered vulnerability in Mozilla’s flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user’s sensitive information.”
Here is some more Tech News from around the web:
- Intel introduces two new Atom processors for storage applications @ DigiTimes
- A Quick Look at the Self-Installing HP LaserJet P1606dn @ techspot
- Tones Overclocking Day – LN2 Overclocking Academy @ Madshrimps
- Win a Beats by Dr. Dre Tour with ControlTalk In-Ear Headphones @ t-break
The iFrame strikes again; careful where you log in
iFrames are a tried and true way of delivering nastiness to your machine while you browse the web. The newest trick that the sne’er-do-wells have learned is to bypass the defence that Firefox uses against misleading and obfuscated URLs by using an iFrame to load the page. No fix is available as of yet so you might want to be extra careful entering your personal data and logging into sites you’d rather not let others have access to. On the plus side there is no mention of malware installing its self in the story from Slashdot, as the security concerns are more than enough to worry about.