This Thanksgiving, many people are looking forward to spending time with their loved ones and enjoying a festive meal. However, cybercriminals are also preparing to launch attacks on unsuspecting users by exploiting a newly discovered clickjacking vulnerability in popular browsers.

New CISA warning: Thanksgiving clickjacking threat in popular browsers

Woman typing on laptop (Kurt "CyberGuy" Knutsson)

What is clickjacking?

Clickjacking is a technique in which a malicious website tricks you into clicking on something different from what you think you're clicking on. Imagine you're trying to click a button to play a video, but you're actually clicking a hidden link that does something else, like sharing your personal information, downloading malware, transferring funds, or liking a page without your knowledge. It's like a digital bait-and-switch.


Woman working on multiple devices (Kurt "CyberGuy" Knutsson)

CISA warns of clickjacking threat in Firefox and Thunderbird

According to the Cybersecurity and Infrastructure Security Agency (CISA), a potential clickjacking threat has been identified in several versions of Mozilla’s Firefox browser and Thunderbird email client, which could allow attackers to gain unauthorized control over affected systems. CISA has issued a warning to users and administrators to review the following advisories and update their software as soon as possible:

  • Firefox iOS 120
  • Firefox 120
  • Firefox ESR 115.5
  • Thunderbird 115.5.0
  • Mozilla Foundation Security Advisory 2023-49
  • Key Security Vulnerabilities Fixed in Firefox 120

The following are the key vulnerabilities with a high impact rating:

  • CVE-2023-6204: An out-of-bounds memory access in WebGL2 blitFramebuffer. It could cause an out-of-bounds memory read that leaks data into canvas images on some system configurations. You should be careful not to click on any images that might be affected by this vulnerability.
  • Clickjacking Using Full-screen Transition: This vulnerability exploits the delay in the full-screen exit animation to trick users into clicking permission prompts. An attacker could use this technique to gain access to your system or data. You should be vigilant when exiting full-screen mode and avoid clicking on any suspicious prompts.


Woman using her cellphone and laptop at the same time (Kurt "CyberGuy" Knutsson)

Practical and simple solutions

In light of these threats, especially the clickjacking vulnerability around Thanksgiving, it's vital for you to stay vigilant. Here are some straightforward tips to enhance your online safety immediately:

  • Update Immediately: Ensure your browsers and software are up to date. This simple step is your first line of defense.
  • Be Cautious of Permissions: Be skeptical of any sudden permission prompts. If unsure, decline and revisit the website.
  • Regular Backups: Regularly back up important data. In case of a breach, you won't lose everything.
  • Use Security Software: Employ reputable antivirus and anti-malware software. They provide an additional security layer. See our review of the Best Antivirus Protection of 2023 here.
  • Educate Yourself: Stay informed about the latest threats and safe browsing practices. Knowledge is power in cybersecurity.
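
For administrators acting on the "Update Immediately" tip, here is an added example (not part of the original article or of any CISA or Mozilla tooling) that checks version banners against the releases named in the advisories listed above. It assumes those advisory titles name the first fixed release on each channel and that banners look like the output of `firefox --version`; the sample banners are constructed.

```python
import re

# Releases named in the advisories listed in the article. Assumption: each is
# the first fixed release on its channel.
FIXED = {
    ("firefox", "release"): (120, 0, 0),
    ("firefox", "esr"): (115, 5, 0),
    ("thunderbird", "release"): (115, 5, 0),
}

# Assumed banner format, e.g. "Mozilla Firefox 115.4.0esr".
_BANNER_RE = re.compile(
    r"\b(firefox|thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", re.I)


def parse(banner):
    """Return (product, channel, (major, minor, patch)), or None if unparseable."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    version = tuple(int(g or 0) for g in m.group(2, 3, 4))
    channel = "esr" if m.group(5) else "release"
    return m.group(1).lower(), channel, version


def needs_update(banner):
    """True if older than the fixed release, False if not, None if unknown."""
    parsed = parse(banner)
    if parsed is None:
        return None
    product, channel, version = parsed
    fixed = FIXED.get((product, channel))
    # The comparison is per channel: ESR 115.5 is patched even though its
    # number is below 120, so a plain "older than 120" test would be wrong.
    return None if fixed is None else version < fixed


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for banner in ["Mozilla Firefox 119.0.1", "Mozilla Firefox 115.5.0esr",
                   "Mozilla Thunderbird 115.4.2", "Chromium 119.0"]:
        verdict = {True: "UPDATE", False: "ok", None: "unknown"}[needs_update(banner)]
        print(f"{banner}: {verdict}")
```

Firefox for iOS is not covered because it does not expose a command-line version banner; check it through the App Store.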

Kurt's key takeaways

Cybersecurity is not something to take lightly, especially during the holiday season when you want to enjoy your time with your family and friends. By following the simple tips we shared, you can avoid falling victim to cybercriminals and keep your data and devices safe. Remember, the best defense is a good offense. Stay alert, stay informed, and enjoy a secure browsing experience this Thanksgiving.