The Channel logo


By | John Leyden 7th June 2005 12:23

Firefox spoof bug returns from the dead

The Seven Year Itch

A seven year-old type of vulnerability has been inadvertently re-introduced in the latest versions of Mozilla and Firefox. The resurrected flaw could be used by hackers or potential fraudster to spoof the contents of websites, Danish security alert firm Secunia says.

The security bug - "moderately critical", Secunia says - stems from a failure to check if a target frame belongs to a particular, opened website. This allows one browser window to load content into a named frame of another window.

This frame injection vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Version 0.8.4 of the Camino browser for Mac OS X - but not version 0.8.3 - is also vulnerable. Other versions may also be affected. Secunia has constructed a test here. It advises surfers to avoid browsing untrusted sites while browsing trusted sites pending a fix from the Mozilla Foundation.

In July 2004, Secunia warned that a similar frame injection vulnerability affected certain flavours of IE and Opera as well as earlier versions of Mozilla. ®

Related stories

Firefox exploit targets zero day vulns
Unholy trio menace Firefox
Browser bugs sprout eternal
Drive-by Trojans exploit browser flaws
Firefox loses its shine

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe