Firefox Phishing Exploit

Firefox has a built-in phishing filter that checks whether a site is blacklisted, and warns the user of the potential fraud and information theft a phishing site could do. It uses Google’s database or a downloaded list of sites according to the user’s preference.

What follows is a quote from The irc.mozilla.org QDB, which caught my attention. Not only because I understood it, but also because I’ve already done it. It talks about a certain exploit to Firefox’s phishing protection/filter system.

Someone nicknamed Hixie[1] stated:

woah

i think i just found a semi-serious issue with the phishing protection in firefox

i went to a site that triggered the warning

and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.

possibly the worst thing i could have done.

I just realized the gravity of the situation when I remembered doing the same mistake he just said a lot of times before. But, it came to me that there is just no workaround to curiosity.

Oh, wel— … Hmmm …

… But then again, there’s Linux.

Footnote:

  1. ^ I guess this is Ian Hickson, but I’m not so sure.

4 Replies to “Firefox Phishing Exploit”

  1. Agreed. I’m quite sure the FF team would have a workaround for this loophole.

    BTW,

    TLA has finally replied, they cancelled my check and sent the money via PayPal, less $30.00 for the check cancellation fee. Totally unfair!
    Check it out on my blog. Any luck with yours?

  2. Hoy aja. Musta na yung request kong tanggalin ang aking magandang surname sa links. hehehe. Gawin mo na lang Nicole Revereza. Hahaha. kidding. boyfriend’s surname. haha O kaya Nicole RR na lang. 😀

Comments are closed.