Scammers Exploit 11 Year-Old Firefox Vulnerability

Firefox Leaves Security Gap Open for Hackers…

One of the top used browsers, Firefox, has left a security gap open which hackers and scammers continue to exploit.  These cyber criminals are embedding an iframe into various malicious website’s source code, which can be exploited on each browser (Chrome, Edge, or Firefox).  However, it is how the browser reacts to it that is different.

iframe image provided by ZDNet

Due to Firefox’s security gap, this iframe will create an infinite loop of “authentication alerts” like what can be seen above.  The only way for the user to escape these alerts is to kill the browser.  To do so, they would need to end the browsing session within the Task Manager.

However, if the user is running Chrome, the pop-up box opens at the tab level of the browser instead of the browser level.  Meaning, users may close the tab without interrupting their entire browser session.  In Edge, the delay between the iframe and the browser is long enough, so the user may close the tab and/or browser without experiencing the constant loop of the iframe pop-up.

Although it remains unclear if/when Firefox will address the vulnerability — their resolution method will likely replicate one of their competitors.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles