A certain method of phishing will no longer be viable in Mozilla’s Firefox browser. Data URIs are tools intended to help developers speed up their web pages and rank higher in search engines. They work by embedding text-based or image files in HTML documents so that it isn’t necessary to call a separate HTTP request which results in slower load times. Like most technologies intended to help developers provide a better service, URIs were eventually exploited and used in phishing attacks since any file was allowed to be embedded.
Many phishing attacks would embed malicious HTML and JavaScript code via a URI intended to be loaded in the browser’s navigation panel. Mozilla is blocking these sorts of attacks from happening in its browser update but it is taking into consideration different scenarios so that useful features won’t be accidentally inaccessible. Certain file types like pdf which can’t be used to perform a phishing attack will of course not blacklisted.
The article demonstrates the anti-phishing feature in action with this interesting gif. As you can see, clicking the link on the right browser window does not do anything, successfully preventing the attack.
This anti-phishing feature has been available in Google Chrome and Microsoft edge for quite some time but Mozilla is finally catching up. I personally use Chrome but after seeing the many positive changes that Firefox 59 is introducing, I may consider switching back.
Reference:
Comet Security 