Author Topic: Firefox 16 vulnerability allows spammers to steal Facebook access tokens  (Read 392 times)


Offline ebenzunlimited

Recently a researcher discovered a vulnerability in the latest version of Firefox, v16.0, that allows an attacker to gather detailed information about a user's browser history. Previous versions and later versions are not affected.

Although it was initially believed that the vulnerability allowed access to browser history, Mozilla representatives told Ars Technica that "the flaw allowed access to the URL of windows or frames to which the attacker has a reference only—generally the ones that the attacker opened."

Now, the researcher has published a proof-of-concept that demonstrates how an attacker can collect your Twitter account name when you click a button. The attacker opens a new window and loads a specially crafted Twitter URL that contains a personal Twitter ID. If a user is signed in already, then hackers are able to collect your Twitter name.

When I read the story, I started to think from the spammers' point of view. Recently, I reported a Facebook scam that asks users to verify their account by pasting their access token in the hacker's site.

I have just modified the PoC with the spammer's code to display the authentication token of Facebook. It worked successfully for me.
Yes, it is very easy for a hacker to steal the authentication token. Just one click is enough for a hacker to gain your authentication token without much effort.
« Last Edit: October 15, 2012, 02:17:45 PM by ebenzunlimited »