page contents Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix – The News Articles
Home / Tech News / Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

Malware authors, advert farmers, and scammers are abusing a Firefox malicious program to lure customers on malicious websites.

This would not be a large deal, because the internet is fraught with this sort of malicious websites, however those web sites don’t seem to be abusing some new never-before-seen trick, however a Firefox malicious program that Mozilla engineers seem to have failed to mend within the 11 years ever because it used to be first reported again in April 2007.

The malicious program narrows right down to a malicious website online embedding an iframe within their supply code. The iframe makes an HTTP authentication request on some other area. This leads to the iframe appearing an authentication modal at the malicious website online, like the only beneath.

firefox-authentication-demo.png

For the previous few years, malware authors, advert farmers, and scammers had been abusing this malicious program to entice customers on websites the place they display all kinds of nasties, similar to tech beef up scams, advert farms that reload the web page with new advertisements in a loop, pages that push customers to shop for faux reward playing cards, or websites that provide malware-laced tool updates.

Every time customers attempt to go away, the house owners of those shady websites cause the authentification modal in a loop. Each and every time the consumer dismisses it, some other request is made, and a brand new modal seems, successfully preserving the consumer captive at the malicious websites till they shut the browser altogether, and are compelled to begin a brand new surfing consultation.

However regardless of being reported again and again for seven different instances [1, 2, 3, 4, 5, 6, 7], this factor has long gone unfixed, for unknown causes, and crooks have gladly abused all of it this time.

The newest instance of abuse comes from a consumer who reported the problem as soon as once more nowadays, after touchdown on this type of shady websites that attempted to drive him into putting in a suspicious Firefox extension.

“To start with, it’s opened complete display mode. With some faux Home windows conversation (I’m the use of Linux so I realize it is pretend),” the consumer stated. “It attempted to [force] me set up their extensions.”

“Then I press ESC to go out complete display. I click on the shut button of tab or window, but it surely does not paintings as it has this login conversation. I click on shut button of the login conversation or cancel button. Then the conversation will seem once more. I click on the ‘Do not permit’ button of extension set up pop over, however it sort of feels now not clickable. I killed the Firefox procedure, which is the one answer for me.”

firefox-bug-abused.pngfirefox-bug-abused.png
Symbol: Guo Yunhe

Certain, Mozilla is an open supply undertaking, and it does not have limitless sources to care for the entire reported problems, however you would suppose that once greater than 11 years a Firefox engineer would to find the time to mend an actively exploited factor.

According to the comments left through different customers at the reported factor, the Firefox crew’s perfect wager is to apply how Edge and Chrome have handled this identical factor.

Edge: The extend between authentication modals in Edge is huge sufficient to permit the consumer to near the tab or the browser.

Chrome: The authentication conversation window has been moved from the browser window degree to every tab’s degree. This implies the competitive authentication dialogs best blocks the tab, and now not all the browsers, permitting the consumer to simply shut the abusive tab.

Extra browser information:

About thenewsarticles

Check Also

protect and organize small electronics with the 8 amazonbasics travel case - Protect and organize small electronics with the $8 AmazonBasics Travel Case

Protect and organize small electronics with the $8 AmazonBasics Travel Case

You almost certainly know the battle of seeking to stay a couple of gadgets and …

Leave a Reply

Your email address will not be published. Required fields are marked *