Firefox Vulnerable To 7-Year-Old Bug
Via TechWeb News.
Mozilla's current browsers, including the popular stand-alone Firefox, are susceptible, again, to a seven-year-old vulnerability that could let attackers spoof Web sites, a security company said Monday.
According to Danish security firm Secunia, Mozilla 1.7.x and Firefox 1.x are vulnerable to a frame injection flaw that first surfaced in 1998. Hackers could exploit the bug to insert their own content into the view of a legitimate site, to, for instance, pose as the log-in frame, then collect usernames and passwords to online bank accounts.
"The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," wrote a moderator on Mozilla's online forum Monday.