Tuesday, March 21, 2023
HomeCyber SecurityFirefox 102 fixes handle bar spoofing safety gap (and helps with Follina!)...

Firefox 102 fixes handle bar spoofing safety gap (and helps with Follina!) – Bare Safety

This month’s scheduled Firefox launch is out, with the brand new 102.0 model patching 19 CVE-numbered bugs.

Regardless of the big variety of CVEs, the patches don’t embody any bugs already being exploited within the wild (recognized within the jargon as zero-days), and don’t embody any bugs labelled Crucial.

Maybe probably the most vital patch is the one for CVE-2022-34479, entitled: A popup window might be resized in a solution to overlay the handle bar with internet content material.

This bug permits a malicious web site to create a popup window after which resize it to overwrite the browser’s personal handle bar.

Happily, this handle bar spoofing bug solely applies to Firefox on Linux; on different working programs, the bug apparently can’t be triggered.

As you recognize, the browser’s personal visible elements, together with the menu bar, search bar, handle bar, safety alerts, HTTPS padlock icon and extra, are speculated to be shielded from manipulation by untrusted internet pages rendered by the browser.

These sacrosanct person interface elements are recognized within the jargon as chrome (from which Google’s browser will get its title, in case you had been questioning).

Browser chrome is off-limits to internet pages for apparent causes – to forestall bogus web sites from misrepresenting themselves as reliable.

Which means though phishing websites usually reproduce the look-and-feel of a authentic web site with uncanny precision, they aren’t supposed to have the ability to trick your browser into presenting them as in the event that they had been downloaded from a real URL.

Uncanny resemblance however luckily the mistaken URL!
Aspect-by-side view of a current rip-off concentrating on a South African financial institution


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments