Comment: Mozilla Firefox Flaw Allowed Spoofing of HTTPS Browser Padlock, Fixed

By ISBuzz Team
Writer, Information Security Buzz | Apr 22, 2021 04:57 am PST

The Mozilla Foundation has reportedly fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was part of the non-profit’s Monday update, which covered Firefox 88, the corporate Firefox ESR 78.10 browser and the Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.

Natalie Page, Cyber Threat Intelligence Analyst
April 22, 2021 12:58 pm

For adversaries to successfully adopt an icon that is so well established for both safety and security as a tool for deception, is extremely unsettling. The secure-lock-icon is a symbol computer users are specifically taught to identify when establishing the legitimacy of a site. For attackers to successfully implement a symbol, which is held to such a high standard for computer security, on a malicious site is a tactic which shall be sure to capture the attention of other malicious operatives to arrogate as part of their own toolsets.

For Firefox users, it is essential that the recent Firefox 88 update is implemented to ensure users do not fall victim to this technique. We have recently seen an uptick in sophisticated threat groups adopting proficient imagery spoofing techniques to deceive victims. Just this week, another campaign disseminated by the infamous Lazarus group has been uncovered utilising BMP imagery to disseminate their malicious tooling.
