Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spoofing Flaw Resurfaces in Mozilla Browsers

Posted by Zonk on from the going-back-in-time dept.

GregThePaladin writes "A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames. The applications don't check whether the frames displayed in a single window all originate from the same Web site." Commentary on this at whitedust as well.

4 of 258 comments (clear)

  1. what about tabs? by farker+haiku · · Score: 5, Interesting

    from TFA:
    For a spoofing attempt to work, a surfer would need to have both the attacker's Web site and a trusted Web site open in different windows.

    So, uh, what about tabs? 'Cause I never have 2 windows open at the same time.

    --
    Your sig(k) has been stolen. There is a puff of smoke!
    1. Re:what about tabs? by Punkrokkr · · Score: 5, Informative

      I tried it in tabs, spoof does not work across tabs; just seperate windows.

      --

      There's no emoticon for what I'm feeling! -- CBG, "The Computer Wore Menace Shoes"
  2. IE has this vulnerability by interJ · · Score: 5, Informative
    See here.

    The bug in IE was reported almost a year ago, and it is still unpatched.

    The bug was reported in all major browsers (Mozilla and Firefox, Opera, Safari, Konqueror, IE), and was patched in all of them except IE. It has now reappeared in Mozilla.

  3. Re:So secure by Anonymous Coward · · Score: 5, Informative

    IE has the same flaw also, so parent should not be moderated as funny, but as informative.

    http://secunia.com/advisories/11966/