Scammers Exploit 11 Year-Old Firefox Vulnerability

Firefox Leaves Security Gap Open for Hackers…

One of the top used browsers, Firefox, has left a security gap open which hackers and scammers continue to exploit.  These cyber criminals are embedding an iframe into various malicious website’s source code, which can be exploited on each browser (Chrome, Edge, or Firefox).  However, it is how the browser reacts to it that is different.

iframe image provided by ZDNet

Due to Firefox’s security gap, this iframe will create an infinite loop of “authentication alerts” like what can be seen above.  The only way for the user to escape these alerts is to kill the browser.  To do so, they would need to end the browsing session within the Task Manager.

However, if the user is running Chrome, the pop-up box opens at the tab level of the browser instead of the browser level.  Meaning, users may close the tab without interrupting their entire browser session.  In Edge, the delay between the iframe and the browser is long enough, so the user may close the tab and/or browser without experiencing the constant loop of the iframe pop-up.

Although it remains unclear if/when Firefox will address the vulnerability — their resolution method will likely replicate one of their competitors.

10,945 total views, 1 views today

(Visited 1 times, 1 visits today)

15 thoughts on “Scammers Exploit 11 Year-Old Firefox Vulnerability

  1. Not clear to me how this constitutes a security threat. It is a damn nuisance having to kill the browser session, but what harm befalls, other than having to bail out? What is the purpose from the scammer’s point of view? Is there something else happening behind the scenes while one struggles to kill the endless loop?

    • If users put usernames or passwords in the pop-up box — they’re sharing that information with the hacker. You’re correct, it is a nuisance if you’re trying to close it. However, others may not close it and instead share their user credentials.

  2. I’ve reverted to MS Ver 7 on my PC as I didn’t like Ver 10. One of the main probs on Ver 7 is Internet Explorer which can’t interpret modern websites. I tried a number of alternatives and ended up using ‘Opera’ which is very intuitive, works well and works fast. It also has a built-in ad-blocker which is useful when reading newspapers.

    • Internet Explorer has been phased out by Microsoft, I would recommend using Edge if you want to stick to a Microsoft browser.

      • @Jc: @Devin Bergin: Phasing out one OS, in favor of another defective OS, is how MS pumps up the value of its stock, and assures there will be an OS-(n+1), and Gates will remain on the “Richest Man” list.

  3. I have recently received an email marked “spam” I usually just delete all my spam emails without ever reading them. However I accidentally opened one and started reading a little bit of it and the spammer says that my computer was hacked. I deleted the spam and haven’t noticed any changes in my computer. I also changed passwords to my computer and other accounts. Is there anything to worry about here?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.