
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues
Feb 25, 2026
This episode covers a surge in scans hunting for open redirect flaws and how those redirects fuel phishing and OAuth abuse; Firefox 148's setHTML and Sanitizer API, which replace innerHTML to curb DOM-based XSS; and new telnetd problems in which environment variables and writable credential directories enable privilege escalation, along with suggested mitigation strategies.
Open Redirects Enable Phishing And OAuth Abuse
- Open redirects let a web app forward users to arbitrary sites without validation.
- Johannes Ullrich observed a spike of scans in honeypot data, all from one IP tied to a bulletproof hoster, probing for open redirects that can be used for phishing and OAuth abuse.
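
The missing validation can be supplied on the server side with a same-origin check on the redirect parameter. The following is an added example, not code from the podcast or from SANS; `APP_ORIGIN`, the function names and the sample inputs are constructed assumptions.

```javascript
// Added example: validate a "next"/"returnTo"-style redirect parameter.
// APP_ORIGIN is an assumed value for the application's own origin.
const APP_ORIGIN = "https://app.example";

// Returns an absolute URL on our own origin, or the fallback page.
function safeRedirectTarget(raw, fallback = APP_ORIGIN + "/") {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let url;
  try {
    // Parse the way a browser would (WHATWG URL), so tricks such as
    // "/\host" or embedded tabs are resolved before the check.
    url = new URL(raw, APP_ORIGIN);
  } catch (_err) {
    return fallback;
  }
  // Scheme, host and port must all match our origin.
  if (url.origin !== APP_ORIGIN) return fallback;
  // Return the absolute form: a bare path such as "//other.example"
  // would be read as protocol-relative by the browser.
  return APP_ORIGIN + url.pathname + url.search + url.hash;
}

// Constructed sample inputs of the kind a scanner might submit.
const SAMPLES = [
  "/account?tab=security",              // legitimate relative path
  "https://app.example/orders#latest",  // legitimate absolute URL
  "https://evil.example/login",         // plain external URL
  "//evil.example/login",               // protocol-relative
  "/\\evil.example/login",              // backslash read as a slash
  "/\t/evil.example/login",             // tab stripped by the parser
  "https://app.example@evil.example/",  // real host hidden after "@"
  "javascript:alert(1)",                // non-HTTP scheme
];

function classify(samples) {
  return samples.map((s) => ({
    input: s,
    target: safeRedirectTarget(s),
    rejected: safeRedirectTarget(s) === APP_ORIGIN + "/",
  }));
}

for (const row of classify(SAMPLES)) {
  console.log(row.rejected ? "REJECT" : "ALLOW ", JSON.stringify(row.input));
}
```
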
setHTML Reduces DOM-Based XSS Risk
- Firefox added setHTML with a Sanitizer API to curb DOM XSS by blocking unsafe HTML and JavaScript.
- Johannes notes it balances innerHTML's risk and innerText's limitations while allowing controlled markup and Trusted Types support.
Block Traffic From Known Bulletproof Hosters
- Consider blocking or monitoring traffic from bulletproof hosters that scan for open-redirect flaws.
- Johannes recommends evaluating whether to block that AS because many abuse requests to IPVolume are ineffective.
