Author Topic: I've found a phishing exploit that can be used on IE / FF / Safari users.  (Read 4656 times)

The reason they're not fixing the generic version of this bug ("Only present HTTP authentication dialogs if it is the top-level document initiating the auth") is because it actually does break a lot of sites and cause other compatibility issues. If you look at the bug comments ( https://bugzilla.mozilla.org/show_bug.cgi?id=647010 ) you'll see a bunch of people giving examples of where the update broke things.

I do think it should be fixed for image resources, because literally nobody does authentication through images and if they do they need to be slapped upside the head. Mention that, not in general, but just for image/video-based resources.
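The trade-off described in the post above, as an added example that is not part of the original thread and is not any browser's actual code: a simplified model that compares the generic "top-level document only" rule with the narrower "no prompts for image/video" rule. The request fields, function names and sample requests are all constructed assumptions.

```javascript
// Simplified model of a browser deciding whether a 401 response may raise
// an HTTP authentication dialog. All names and sample requests are constructed.

// Generic rule quoted in the post: only the top-level document may prompt.
function topLevelOnly(req) {
  return req.destination === "document" && req.isTopLevel;
}

// Narrower rule the post argues for: never prompt for image/video loads,
// leave every other resource type as it is today.
const MEDIA = new Set(["image", "video"]);
function noMediaPrompts(req) {
  return !MEDIA.has(req.destination);
}

// Constructed 401 responses a browser might see while rendering pages.
const SAMPLE_REQUESTS = [
  { name: "intranet page opened directly", destination: "document", isTopLevel: true, legitimate: true },
  { name: "protected iframe in a portal", destination: "document", isTopLevel: false, legitimate: true },
  { name: "XHR to a basic-auth API", destination: "xhr", isTopLevel: false, legitimate: true },
  { name: "image embedded in a forum post", destination: "image", isTopLevel: false, legitimate: false },
  { name: "video embedded in a forum post", destination: "video", isTopLevel: false, legitimate: false },
];

// For one policy, list the legitimate prompts it blocks ("broken") and the
// unwanted media-triggered prompts it still lets through ("stillShown").
function evaluate(policy, requests = SAMPLE_REQUESTS) {
  const broken = [];
  const stillShown = [];
  for (const req of requests) {
    const prompts = policy(req);
    if (req.legitimate && !prompts) broken.push(req.name);
    if (!req.legitimate && prompts) stillShown.push(req.name);
  }
  return { broken, stillShown };
}

console.log("top-level only:", evaluate(topLevelOnly));
console.log("no media prompts:", evaluate(noMediaPrompts));
```

In this model both rules suppress the image-triggered dialog, but only the generic rule also breaks the legitimate iframe and XHR cases.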

Chrome is the best browser, as we can now tell

I'm using Firefox with a bit of CSS to show the broken image placeholder

But you can tell it's phishing because it literally says

A username and password are being requested by http://animalspecial interestresearch.us. The site says: "Your Facebook session has timed out. Please log in again to continue."

If you can't see http://animalspecial interestresearch.us. then you need to buy glasses.

That's intended, it's just a placeholder name to demonstrate the exploit. But imagine if someone registered facebookauth.com or something and ran that kind of message. It would probably snag a few unwitting users.