The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity. The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. Padlock Bug: False Sense of Security Tracked as CVE-2021-23998, the secure-lock-icon bug effects both the consumer and corporate versions of Firefox browsers prior to the Monday releases. “Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page,” wrote Mozilla in its security advisory.