Wednesday, June 29, 2022

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) – Bare Safety


This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs.

Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), and don’t include any bugs labelled Important.

Perhaps the most significant patch is the one for CVE-2022-34479, entitled: A popup window could be resized in a way to overlay the address bar with web content.

This bug allows a malicious website to create a popup window and then resize it to overwrite the browser’s own address bar.

Fortunately, this address bar spoofing bug only applies to Firefox on Linux; on other operating systems, the bug apparently can’t be triggered.

As you know, the browser’s own visual components, including the menu bar, search bar, address bar, security alerts, HTTPS padlock icon and more, are supposed to be protected from manipulation by untrusted web pages rendered by the browser.

These sacrosanct user interface components are known in the jargon as chrome (from which Google’s browser gets its name, in case you were wondering).

Browser chrome is off-limits to web pages for obvious reasons: to prevent bogus websites from misrepresenting themselves as trustworthy.

This means that even though phishing sites often reproduce the look-and-feel of a legitimate website with uncanny precision, they aren’t supposed to be able to trick your browser into presenting them as if they were downloaded from a genuine URL.


Uncanny resemblance but fortunately the wrong URL!
Side-by-side view of a recent scam targeting a South African bank