Firefox has a built-in phishing filter that checks whether a site is blacklisted and warns the user of the fraud and information theft a phishing site could attempt. Depending on the user’s preference, it checks against Google’s database or a downloaded list of sites.
What follows is a quote from the irc.mozilla.org QDB that caught my attention, not only because I understood it, but also because I’ve already done it. It talks about a certain exploit of Firefox’s phishing protection/filter system.
Someone nicknamed Hixie[1] stated:
woah
i think i just found a semi-serious issue with the phishing protection in firefox
i went to a site that triggered the warning
and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.
possibly the worst thing i could have done.
I only realized the gravity of the situation when I remembered making the same mistake he just described a lot of times before. But it came to me that there is just no workaround for curiosity.
Oh, wel— … Hmmm …
… But then again, there’s Linux.
Footnote:
- [1] I guess this is Ian Hickson, but I’m not so sure.
Comments
4 responses to “Firefox Phishing Exploit”
[…] Read more, and protect yourself. […]
Agreed. I’m quite sure the FF team would have a workaround for this loophole.
BTW,
TLA has finally replied, they cancelled my check and sent the money via PayPal, less $30.00 for the check cancellation fee. Totally unfair!
Check it out on my blog. Any luck with yours?
Curiosity kills the cat.
Hey Aja. How’s my request to remove my beautiful surname from the links? Hehehe. Just make it Nicole Revereza. Hahaha. Kidding. Boyfriend’s surname. Haha. Or just Nicole RR instead.