Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
This bug allows a malicious website to create a popup window and then resize it to overwrite the browser's own address bar.
This address bar spoofing bug only applies to Firefox on Linux; on other operating systems, the bug apparently can't be triggered.
As you know, the browser's own visual components, including the menu bar, search bar, address bar, security alerts, HTTPS padlock icon and more, are meant to be shielded from manipulation by untrusted web pages rendered by the browser.
Intriguingly, this month's fixes include two CVEs that have the same bug title, and that permit the same security misbehaviour, even though they're otherwise unrelated and were found by different bug-hunters.
As the bug name suggests, these flaws mean that an image file that you save to your desktop by dragging and dropping it from Firefox could end up saved to disk with an extension such as.
Remember that ESR 91.11 denotes Firefox 91 with 11 updates' worth of security fixes, and because 91+11 = 102, you can easily tell that you're level with the latest mainstream version as far as security patches are concerned.
News URL
https://nakedsecurity.sophos.com/2022/06/29/firefox-102-fixes-address-bar-spoofing-security-hole/