Clickjacking in Firefox Hello

touch-25059_640Clickjacking, the art of tricking users into clicking on links or buttons that no sane person would ever click on. But how much damage can you do by stealing a few clicks? We are in 2015, we might think that this kind of vulnerabilities would have been solved by now. But that’s not the case.

Firefox Hello

Recently Mozilla launched Firefox Hello, their free service for video and voice conversations online. After a few tests, I noticed that hello.firefox.com website does not prevent framing.

Continue reading