Security News > 2021 > April > Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
2021-04-20 20:40

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window.

Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.

The patch was part of the non-profit's Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client.

In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.

The browser padlock icon, used by all major browsers, indicates a secure communication channel between the browser and the server hosting the website.

Bug hunter Irvan Kurniawan is credited for unearthing two of the high-severity bugs and one moderate flaw fixed in Firefox Monday.


News URL

https://threatpost.com/mozilla-fixes-firefox-flaw/165501/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 629 582 266 1490