Firefox spoof bug returns from the dead
PrintThe Seven Year Itch
Posted in Enterprise Security, 7th June 2005 12:23 GMT
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
A seven year-old type of vulnerability has been inadvertently re-introduced in the latest versions of Mozilla and Firefox. The resurrected flaw could be used by hackers or potential fraudster to spoof the contents of websites, Danish security alert firm Secunia says.
The security bug - "moderately critical", Secunia says - stems from a failure to check if a target frame belongs to a particular, opened website. This allows one browser window to load content into a named frame of another window.
This frame injection vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Version 0.8.4 of the Camino browser for Mac OS X - but not version 0.8.3 - is also vulnerable. Other versions may also be affected. Secunia has constructed a test here. It advises surfers to avoid browsing untrusted sites while browsing trusted sites pending a fix from the Mozilla Foundation.
In July 2004, Secunia warned that a similar frame injection vulnerability affected certain flavours of IE and Opera as well as earlier versions of Mozilla. ®
Related stories
Firefox exploit targets zero day vulns
Unholy trio menace Firefox
Browser bugs sprout eternal
Drive-by Trojans exploit browser flaws
Firefox loses its shine
Free whitepaper – Vulnerability management buyer's checklist
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive