Firefox spoof bug returns from the dead
PrintThe Seven Year Itch
Posted in Software & Security, 7th June 2005 12:23 GMT
Free whitepaper – Managing desktop software for fun and profit
A seven year-old type of vulnerability has been inadvertently re-introduced in the latest versions of Mozilla and Firefox. The resurrected flaw could be used by hackers or potential fraudster to spoof the contents of websites, Danish security alert firm Secunia says.
The security bug - "moderately critical", Secunia says - stems from a failure to check if a target frame belongs to a particular, opened website. This allows one browser window to load content into a named frame of another window.
This frame injection vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Version 0.8.4 of the Camino browser for Mac OS X - but not version 0.8.3 - is also vulnerable. Other versions may also be affected. Secunia has constructed a test here. It advises surfers to avoid browsing untrusted sites while browsing trusted sites pending a fix from the Mozilla Foundation.
In July 2004, Secunia warned that a similar frame injection vulnerability affected certain flavours of IE and Opera as well as earlier versions of Mozilla. ®
Related stories
Firefox exploit targets zero day vulns
Unholy trio menace Firefox
Browser bugs sprout eternal
Drive-by Trojans exploit browser flaws
Firefox loses its shine
Free whitepaper – Managing desktop software for fun and profit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Seven ways to lower storage costs
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs