Month: December 2007

  • Firefox Phishing Exploit

    Firefox has a built-in phishing filter that checks whether a site is blacklisted and warns the user of the potential fraud and information theft a phishing site could commit. It uses either Google’s database or a downloaded list of sites, according to the user’s preference.

    What follows is a quote from the irc.mozilla.org QDB that caught my attention, not only because I understood it, but also because I’ve already done it. It describes a certain exploit of Firefox’s phishing protection/filter system.

    Someone nicknamed Hixie[1] stated:

    woah

    i think i just found a semi-serious issue with the phishing protection in firefox

    i went to a site that triggered the warning

    and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.

    possibly the worst thing i could have done.

    I realized the gravity of the situation when I remembered making the same mistake he just described a lot of times before. But it came to me that there is just no workaround for curiosity.

    Oh, wel— … Hmmm …

    … But then again, there’s Linux.

    Footnote:

    1. ^ I guess this is Ian Hickson, but I’m not so sure.