Last week it was reported that Outlook app for Android, which is used by more…
The problem is that the content of the address bar can be faked.
“It was observed that the DuckDuckGo privacy browser omnibar can be spoofed by a crafted JavaScript page spoofing `setInterval` function and reloading the URL in every 10 to 50 ms,” reported Dhiraj Mishra.
While the real website duckduckgo.com is automatically reloaded every 50 milliseconds, the researcher managed to have entirely different content displayed in the browser.
The PoC exploit can be seen below.
Internet security specialists have good reason to call such attacks the worst type of phishing: if users cannot trust their own browser's address bar, things are bad.
The issue is still not fixed, though the researcher reported it via the HackerOne platform in October 2018. After a long discussion, DuckDuckGo developers chose to mark the vulnerability report as “informative” and paid the researcher a reward, but said that they do not view the bug as a serious vulnerability.
Source: https://securityaffairs.co