drive-by email theft vulnerability

ThePirate — Thu, 06 Mar 2025 20:00:04 GMT

Yesterday after visiting sites for a solar panel and a battery home energy storage system (renogy, sportsmanswarehouse), clicking on the google ads for them, I immediately received spam emails from two sites I visited. I ***never*** entered this email anywhere; not in any form, not in an "inquiry" or sales form; not in related sites, not in purchases, etc. It was stolen without any action on my part, except visiting these sites through a google ad, while I was logged into google calendar app.

This happened shortly after I transitioned from safari to firefox on my old mac (macOS10.15.7). This was my private google email. I cannot definitively point the finger at firefox, but the timing ***strongly*** suggests this, related to some failing of firefox security that safari is not vulnerable to. My guess is that my google login credential was in a cookie that firefox allowed the sites to access, but safari does not.

Mac no longer supports the safari on this mac, so I cannot use it for many sites, but firefox does. So, if firefox can fix this vulnerability -GREAT. I would be much obliged. If it does not, this computer has to go into a landfill, for no reason other than planned obsolescence, which is a bummer.

To my knowledge, I had fairly strict security mode settings in firefox.

Deets:

FIREFOX 136.0

macOS10.15.7

MacBook Pro (Retina, 13-inch, Early 2013)

spam emails from: renogy@safeopt.com, sportsmanswarehouse@d.sportsmans.com

topic drive-by email theft vulnerability in Discussions

drive-by email theft vulnerability