New CISA warning: Thanksgiving clickjacking threat in popular browsers

On this Thanksgiving, many people are looking forward to spending time with their loved ones and enjoying a festive meal. However, cybercriminals are also preparing to launch malicious attacks on unsuspecting users, exploiting a newly discovered clickjacking threat in popular browsers.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

Woman typing on laptop (Kurt "CyberGuy" Knutsson)

MORE: 20 BEST BLACK FRIDAY DEALS

What is clickjacking?

Clickjacking is a trick where a malicious website tricks you into clicking on something different from what you think you’re clicking on. Imagine you’re trying to click on a button, to play a video, but instead, you’re actually clicking on a hidden link that does something else, like sharing your personal information, downloading malware, transferring funds, or liking a page without you knowing. It’s like a digital bait-and-switch.

Woman working on multiple devices (Kurt "CyberGuy" Knutsson)

MORE: BEST BLACK FRIDAY LAPTOP DEALS

CISA warns of clickjacking threat in Firefox and Thunderbird browsers

According to the Cybersecurity and Infrastructure Security Agency (CISA), a potential clickjacking threat has been identified in several versions of Mozilla’s Firefox and Thunderbird browsers, which could allow attackers to gain unauthorized control over affected systems. CISA has issued a warning to users and administrators to review the following advisories and update their browsers as soon as possible:

• Firefox iOS 120
• Firefox 120
• Firefox ESR 115.5
• Thunderbird 115.5.0
• Mozilla Foundation Security Advisory 2023-49
• Key Security Vulnerabilities Fixed in Firefox 120

The following are the key vulnerabilities with a high impact rating:

• CVE-2023-6204 advisory: This vulnerability affects WebGL2 blitFramebuffer Out-of-Bound Memory Access. It could cause an out-of-bounds memory read that could leak data into canvas images on some system configurations. You should be careful not to click on any images that might be affected by this vulnerability.
• Clickjacking Using Full-screen Transition: This vulnerability exploits the delay in the full-screen exit animation to trick users into clicking permission prompts. An attacker could use this technique to gain access to your system or data. You should be vigilant when exiting full-screen mode and avoid clicking on any suspicious prompts.

Woman using her cellphone and laptop at the same time (Kurt "CyberGuy" Knutsson)

Practical and simple solutions

In light of these threats, especially the clickjacking vulnerability around Thanksgiving, it’s vital for you to stay vigilant. Here are some straightforward tips to enhance your online safety immediately:

• Update Immediately: Ensure your browsers and software are up to date. This simple step is your first line of defense.
• Be Cautious of Permissions: Be skeptical of any sudden permission prompts. If unsure, decline and revisit the website.
• Regular Backups: Regularly back up important data. In case of a breach, you won’t lose everything.
• Use Security Software: Employ reputable antivirus and anti-malware software. They provide an additional security layer.  See our review of the Best Antivirus Protection of 2023 here.
• Educate Yourself: Stay informed about the latest threats and safe browsing practices. Knowledge is power in cybersecurity.

Kurt’s key takeaways

Cybersecurity is not something to take lightly, especially during the holiday season when you want to enjoy your time with your family and friends. By following the simple tips we shared, you can avoid falling victim to cybercriminals and keep your data and devices safe. Remember, the best defense is a good offense. Stay alert, stay informed, and enjoy a secure browsing experience this Thanksgiving.

How do you plan to protect yourself from clickjacking and other cyberthreats this holiday season? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

• What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the best way to stay private, secure and anonymous while browsing the web?
• How can I get rid of robocalls with apps and data-removal services?

Copyright 2023 CyberGuy.com. All rights reserved.