Monday, June 06, 2005

Firefox Vulnerable To 7-Year-Old Bug

Via TechWeb News.

Mozilla's current browsers, including the popular stand-alone Firefox, are susceptible, again, to a seven-year-old vulnerability that could let attackers spoof Web sites, a security company said Monday.

According to Danish security firm Secunia, Mozilla 1.7.x and Firefox 1.x are vulnerable to a frame injection flaw that first surfaced in 1998. Hackers could exploit the bug to insert their own content into the view of a legitimate site, to, for instance, pose as the log-in frame, then collect usernames and passwords to online bank accounts.

"The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," wrote a moderator on Mozilla's online forum Monday.


Post a Comment

<< Home