Mozilla’s first updated version of the Firefox Internet browser corrects a flaw that left users of the increasingly popular open-source browser exposed to online fraud artists who set up fake Websites with names that couldn’t be distinguished from those of legitimate Websites.
The new Firefox is also said to fix several other flaws that leave users prone to spoofed sites by way of faked secure-site icons or the contents of inactive tabs, according to other reports.
The main spoofing flaw, according to the analysts and security firms that spotted it earlier this year, involved how letter characters in Web addresses are read: an address with a Cyrillic letter in place of a Latin-script letter, as used in English, couldn’t be distinguished from the address written entirely in Latin script.
According to analysts of the flaw, a Cyrillic letter ‘a’ resembles a Latin ‘a’ but, in a Web address, sends a surfer to a different Website entirely, and fraudsters who specialize in phishing attacks, which involve fake Websites or e-mails impersonating legitimate businesses, learned soon enough how to exploit the flaw.
The new Firefox now shows Web addresses containing foreign scripts in encoded form, preceded by ‘xn’. Mozilla says the change is only temporary, but added that, because of the browser’s open-source composition, industry cooperation is vital for long-term solutions.
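The sketch below is an added example, not Mozilla's code: it approximates the display change described above by rendering any non-ASCII hostname label in its ASCII-compatible encoding (labels beginning with `xn--`) and, as a further check, flags labels that mix scripts. The function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

def scripts_in(label):
    """Scripts used by the letters of one label, taken from the first
    word of each character's Unicode name (e.g. LATIN, CYRILLIC)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def display_form(hostname):
    """Hostname as a cautious address bar would show it: ASCII labels
    unchanged, every other label in its xn-- encoded form."""
    shown = []
    for label in hostname.split("."):
        if label.isascii():
            shown.append(label.lower())
        else:
            # Python's built-in IDNA codec produces the xn-- form.
            shown.append(label.encode("idna").decode("ascii"))
    return ".".join(shown)

def audit(hostname):
    """Return the display form plus any labels that mix scripts."""
    mixed = [l for l in hostname.split(".") if len(scripts_in(l)) > 1]
    return {"display": display_form(hostname),
            "mixed_script_labels": mixed,
            "suspicious": bool(mixed)}

if __name__ == "__main__":
    # Constructed samples: the second uses Cyrillic U+0430 for the first 'a';
    # the third is written entirely in Cyrillic.
    samples = ["paypal.com",
               "p\u0430ypal.com",
               "\u043f\u0440\u0438\u043c\u0435\u0440.com"]
    for host in samples:
        print(repr(host), audit(host))
```

A label written wholly in one non-Latin script passes the mixed-script check, so the encoded display is what exposes it to the user.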
The other flaws, according to Secunia, the Danish security company, could be exploited by hackers out to plant their own code on vulnerable computers, either to take the computers over or to access an unsuspecting user’s files.
Before the new version’s fix, Firefox extensions (plug-ins, in Firefox talk) could be manipulated to create temporary directories exploitable by hackers looking to wipe out files, or to manipulate users into accidentally disclosing personal information that might be stored through Firefox’s automatic form-fill feature.
Still, temporary though they are, the Firefox fixes came far more swiftly after the flaws were discovered than fixes for security flaws in Microsoft’s Internet Explorer have.