Feeds

Firefox spoof bug returns from the dead

The Seven Year Itch

  • alert
  • submit to reddit

Intelligent flash storage arrays

A seven year-old type of vulnerability has been inadvertently re-introduced in the latest versions of Mozilla and Firefox. The resurrected flaw could be used by hackers or potential fraudster to spoof the contents of websites, Danish security alert firm Secunia says.

The security bug - "moderately critical", Secunia says - stems from a failure to check if a target frame belongs to a particular, opened website. This allows one browser window to load content into a named frame of another window.

This frame injection vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Version 0.8.4 of the Camino browser for Mac OS X - but not version 0.8.3 - is also vulnerable. Other versions may also be affected. Secunia has constructed a test here. It advises surfers to avoid browsing untrusted sites while browsing trusted sites pending a fix from the Mozilla Foundation.

In July 2004, Secunia warned that a similar frame injection vulnerability affected certain flavours of IE and Opera as well as earlier versions of Mozilla. ®

Related stories

Firefox exploit targets zero day vulns
Unholy trio menace Firefox
Browser bugs sprout eternal
Drive-by Trojans exploit browser flaws
Firefox loses its shine

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.