Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spoofing Flaw Resurfaces in Mozilla Browsers

Posted by Zonk on from the going-back-in-time dept.

GregThePaladin writes "A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames. The applications don't check whether the frames displayed in a single window all originate from the same Web site." Commentary on this at whitedust as well.

6 of 258 comments (clear)

  1. So secure by Anonymous Coward · · Score: 4, Funny

    Oh, damn IE for being so insecure. Wait, this is about an Open Source browser---damn IE for being so insecure!

  2. The exploit by k4_pacific · · Score: 4, Funny

    Type: Spoofing
    Exploit: Local
    Effects: All browsers

    Description:
    A 7 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.

    The problem is that the browsers don't check if a piece of black electrical tape is on the screen covering the address bar, which prevents the user from identifying the source of content in the browser window.

    Successful exploitation allows a malicious website to load arbitrary content with its source masked by the black tape. The user cannot know if this is a trusted site.

    Solution:
    Remove the piece of electrical tape from the screen. Windex may be necessary to clean up afterwards.

    --
    Unknown host pong.
  3. WTF? by Anonymous Coward · · Score: 0, Funny

    A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned.

    Jesus Fuck! How can these rat bastards let this happen? the world may fall apart... oh, it's not Microsoft? Oh, sorry, false alarm... These aren't the droids you're looking for.

  4. Re:Tough Issue by Fade_to_Blah · · Score: 1, Funny

    Just had more coffee, ignore that post:)

  5. Open sores is bad by tsa · · Score: 2, Funny

    You see? Another security fault in an open sores program. This is what you get if you don't pay your developers. Opening the source so that everyone can see the flaws is just asking for trouble. I'm going back to IE.

    --

    -- Cheers!

  6. New Frame Exploit Announced by megarich · · Score: 2, Funny

    This just in, putting your picture inside a frame may cause an unfavorable reaction to whoever is looking at it. The results can range from shreeks of horror, to nausea and an look of disdain on the viewers face. The fix is to burn the picture with the frame....