Firefox authentication box said to be vulnerable to spoofing for phishing attacks

By
Follow google news

The information in an authentication dialog box from Mozilla's Firefox browser can be spoofed, allowing an attacker to conduct phishing schemes, according to Israeli researcher Aviv Raff.

Firefox authentication box said to be vulnerable to spoofing for phishing attacks
The issue, which exists in the latest version of Firefox 2.0.0.11, allows an attacker to create what appears to be a dialog box from a trusted website.

Firefox fails to display characters in the “www-authenticate” header realm value after the last set of double quotes and fails to sanitize single quotes and spaces, making it possible for an attacker to create a specially crafted realm value from a well-known website, according to Raff.

An attacker can target an end-user with a specially crafted webpage with a link to a trusted website, then open the page in a new window, and eventually return the specially crafted authentication response. A fraudster can also embed an image pointing to their own server to return a basic authentication response through an email, RSS feed, forum, blog or social networking page, according to Raff.

A Mozilla representative could not be immediately reached for comment.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
attacksauthenticationbeboxfirefoxforphishingsaidsecurityspoofingtovulnerable

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

Euro cops take down cybercrime network with 49 million fake accounts

Euro cops take down cybercrime network with 49 million fake accounts
QLD government retires CISO position title

QLD government retires CISO position title
Hidden "Glassworm" malware spreads through infected VS Code extensions

Hidden "Glassworm" malware spreads through infected VS Code extensions
Microsoft breaks Windows 11 Recovery Environment in October update

Microsoft breaks Windows 11 Recovery Environment in October update
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?