New Hack Weaponizes the Web Cache

A newly discovered attack forces Web cache servers to deliver malicious content to website visitors – and also exposes a major security hole in Mozilla’s Firefox browser infrastructure.

James Kettle, head of research at PortSwigger Web Security, exploited security weaknesses in the design of website infrastructure to hack the Web caches of major sites and platforms: a US government agency, a popular cloud platform provider, a hosting platform provider, a software product, a video game, an investment firm’s investor information, and some online stores.

Read more about the design flaws in Web caching that can be exploited to take control of popular websites, frameworks – and the Mozilla Firefox browser infrastructure, on DarkReading.