Critical Security Vulnerability in Firefox

Recently, while developing a proof of concept to exploit a weak authentication system on a wireless network, I found the following major security vulnerability in Firefox.


The user is at an http page with a login form that has an https post-back address (like Facebook). In this case, though, the certificate on the post-back address is invalid (due to a man-in-the-middle attack or lazy network admins). When the user clicks the login button, Firefox opens an https tunnel and sends the username and password across the wire using the bad certificate. It is only after this POST is completed that Firefox notifies the user that the certificate was invalid. This means that even though the https connection was using an invalid certificate, the user never had the chance to cancel the sending of the login data.
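An added example, not part of the original post: a small Python audit that flags the page layout described above, a login form served over http whose action is an https URL, so the user never sees the post-back host's certificate before submitting. The class and function names, the finding labels, the URLs and the HTML are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAuditor(HTMLParser):
    """Collects forms that contain a password field, with their resolved action."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # finished login forms
        self._current = None   # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "has_password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["has_password"]:
                self.forms.append(self._current)
            self._current = None


def audit(page_url, html):
    """Return (action_url, finding) for every login form on the page."""
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    page_scheme = urlsplit(page_url).scheme
    results = []
    for form in parser.forms:
        action_scheme = urlsplit(form["action"]).scheme
        if page_scheme == "https" and action_scheme == "https":
            finding = "ok"
        elif action_scheme == "https":
            # The layout in the post: the form itself arrived unauthenticated,
            # and the first TLS handshake with the target happens on submit.
            finding = "http-page-https-post"
        else:
            finding = "cleartext-post"
        results.append((form["action"], finding))
    return results


# Constructed sample page: one login form posting to https, one search form
# without a password field, and one login form with a relative action.
SAMPLE_URL = "http://portal.example/login"
SAMPLE_HTML = """
<form action="https://secure.example/session" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<form action="/search"><input type="text" name="q"></form>
<form action="/legacy" method="post"><input type="PASSWORD" name="pw" /></form>
"""
```

Serving the login page itself over https removes the first finding, since the browser then validates a certificate before the form is ever shown.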
