Firefox Phishing Exploit



in ,

Firefox has a built-in phishing filter that checks whether a site is blacklisted, and warns the user of the potential fraud and information theft a phishing site could do. It uses Google’s database or a downloaded list of sites according to the user’s preference.

What follows is a quote from The QDB, which caught my attention. Not only because I understood it, but also because I’ve already done it. It talks about a certain exploit to Firefox’s phishing protection/filter system.

Someone nicknamed Hixie[1] stated:


i think i just found a semi-serious issue with the phishing protection in firefox

i went to a site that triggered the warning

and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.

possibly the worst thing i could have done.

I just realized the gravity of the situation when I remembered doing the same mistake he just said a lot of times before. But, it came to me that there is just no workaround to curiosity.

Oh, wel— … Hmmm …

… But then again, there’s Linux.


  1. ^ I guess this is Ian Hickson, but I’m not so sure.


4 responses to “Firefox Phishing Exploit”

  1. Agreed. I’m quite sure the FF team would have a workaround for this loophole.


    TLA has finally replied, they cancelled my check and sent the money via PayPal, less $30.00 for the check cancellation fee. Totally unfair!
    Check it out on my blog. Any luck with yours?

  2. Curiosity kills the cat. ๐Ÿ™‚

  3. Hoy aja. Musta na yung request kong tanggalin ang aking magandang surname sa links. hehehe. Gawin mo na lang Nicole Revereza. Hahaha. kidding. boyfriend’s surname. haha O kaya Nicole RR na lang. ๐Ÿ˜€