Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Ordinary URL Spoofing Flaw Affects Firefox and Chrome

Security flaw related to rendering of URLs by Firefox and Chrome may let an attacker dupe end-user into going to some fake website.

Security Researcher Rafay Baloch, who discovered the flaw, is a winner of $5,000 for mixing a bug bounty. He explains that cyber-criminals could exploit the flaw and fool end-users into divulging personal credentials on a malware-rigged website, given the site looks genuine inside the address bar of the Web-browser.

Baloch in his earlier hacking experiment found the 'code execution from the remote' flaw within PayPal. He ended up a winner again because PayPal took him in for an employment along with rewarding him handsomely with $10,000. The spoofing of address bar of the stock browser in Android phone was also his discovery. The shortfall proved lethal for both Android's present and previous versions.

Elaborating the problem simply, it can be said that it relates to the way the aforementioned browsers make correspondences with URLs constructed with combined characters of LTR (Roman) and RTL (Arabic). Baloch states many browsers are obfuscated into inter-changing the URL parts, and thus duping the end-user into believing that he is on some other website instead of the one he is actually seeing.

That implies anybody opening the web-link that's possibly disguised within a tweet or spam mail will seem as visiting http://example.com, however, the website will be exhibiting material from Internet Protocol address.

Vulnerability in spoofing address bar can be successfully exploited as certain languages which are written left-to-right like Arabic are delivered in the unconventional way. For example, taking one right-to-left character like once typed forward slash, it's possible to use it for flipping an URL that can as well show a right-to-left rendering. Zdnet.com posted this, August 16, 2016.

Firefox 48 and Chrome 53, according to Baloch, have decided to resolve the problem. The problem existed and was resolved within Firefox for the vulnerability CVE-2016-5267, however, the exploitation pattern was slightly different as Mozilla (Firefox) utilizes some other codebase than Google (Chrome).

Bottom line: End-users require upgrading their Web-browsers to most recent editions for staying safe from the security bug.

ยป SPAMfighter News - 8/22/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page