Firefox And Opera Security: Phisher Life Just Got Easier

By | September 5, 2012 | 5 Comments

Firefox And Opera Security: Phisher Life Just Got EasierPhishing by the data URI.

According to a report from TheRegister, Henning Klevjer, a student from Norway, has modified a somewhat old phishing technique (documented by Billy Rios and Nathan McFeters), which allows phishers to hide the entire malicious web page and transform it into a clickable link.

So what exactly is data URI? Known as the “Uniform Resource Identifier scheme”, it allows webmasters to include data in line in web pages as if they were external resources.

With the help of services like TinyURL, phisher can create a malicious page and shorten it to a length that can be easily passed by the email, Facebook or other social services.

However, while Google Chrome blocks redirection to data URIs and Internet Explorer did not load the exploited code, both Firefox and Opera were successfully compromised, according to Henning Klevjer.

Interestingly enough, such attacks are known for a long time and were used target Internet Explorer 6 and 7.

Head over to the source for more details.


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • Guy

    That’s nonsense, because the URL still looks like “data:text/html;base64,…”.
    Unless you are blind, there’s nothing more insecure in putting the web page into an URI than on a server.

  • http://twitter.com/bricky149 Shane Bundy

    Why wasn’t Safari and Maxthon tested? I’m curious to know the results.

  • Prevacator

    Seems to work using memory corruption. I think I’m safe since I have Firefox running with the EMET security enhancements.

    • jayjam

      What does memory corruption have to do with this?

  • M H

    there is a option in opera
    Settings > Preferences > Advanced > Network > >check box> “Enable automatic redirection”.
    what is this?