Security News > 2021 > April > Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window.
Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.
The patch was part of the non-profit's Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client.
In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.
The browser padlock icon, used by all major browsers, indicates a secure communication channel between the browser and the server hosting the website.
Bug hunter Irvan Kurniawan is credited for unearthing two of the high-severity bugs and one moderate flaw fixed in Firefox Monday.
News URL
https://threatpost.com/mozilla-fixes-firefox-flaw/165501/
Related news
- Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language (source)
- Mozilla Revises Firefox Terms of Use After Inflaming Users Over Data Usage (source)
- Mozilla warns users to update Firefox before certificate expires (source)
- Mozilla warns Windows users of critical Firefox sandbox escape flaw (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) (source)
- Phishing-as-a-service operation uses DNS-over-HTTPS for evasion (source)