The warning comes directly from CISAthat is to say Cybersecurity and Infrastructure Security Agencyand concerns the phenomenon of clickjacking and the Thanksgiving Day.
According to the American agency, in fact, the browser Firefox and the email client Thunderbird would be the main targets of cyber attackers. The technique known as clickjacking involves clever tricks that lead the victim to click on content that is not what it appears.
In this sense, for example, traps are widespread that present buttons to play videos which, in reality, direct the user to a malicious website. Here the victim is asked personal informations or a is proposed malicious software.
Firefox and Thunderbird at risk of clickjacking: here is a campaign spread in the USA (and beyond)
On the occasion of the American holiday, according to experts, a campaign of this kind is spreading, through an exploit, on some versions of the aforementioned Mozilla tools, more specifically on:
- Firefox 120 (also the iOS version);
- Firefox ESR 115.5;
- Thunderbird 115.5.0.
Vulnerability, known as CVE-2023-6204, appears to allow attackers to gain full control of infected systems. According to CISA statements, it is therefore essential to update the browser and email client affected by the flaw as soon as possible.
The campaign corresponding to the Thanksgiving Day 2023 period highlights how this technique is treacherous. Regardless of the time of year, therefore, it is necessary to take adequate precautions to avoid the risks associated with clickjacking.
Beyond the already mentioned software update he was born in operating system, there are other possible precautions. For example, in a mobile environment, it is best to pay great attention during the download phase authorization management granted to apps. If in doubt, it is best to avoid excessive concessions.
Another useful practice is that of backup. These must be regular, in order to remedy any compromises of the operating system affected by a malware attack. Finally, as has been known for some time, a good antivirus it can be excellent both in the prevention phase and to counteract an already existing infection.