Issue
The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.
Impact to users
If a user visits a page hosting this malicious code, a new window or tab can be opened with a faked URL. There is no way of determining if the URL is authentic. This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.
Status
This vulnerability is known to affect all current versions of Firefox. Mozilla is actively working on fixing this vulnerability. Users can mitigate this vulnerability by only sharing confidential information with websites that were opened from a bookmark, a trusted source, or by manually opening a new tab or window and entering a URL.
Credit
This issue was originally reported by Juan Pablo Lopez Yacubian.
LpSolit wrote on
Buggie wrote on
LpSolit wrote on
Confused wrote on
SOY wrote on
Zack wrote on
Confused wrote on
AndrewM wrote on
Douglas Haire wrote on
Daniel Veditz wrote on
Byron wrote on
Daniel Veditz wrote on
Greg R. wrote on
Daniel Veditz wrote on
Internet Protection wrote on