New versions of the Mozilla Foundation's browsers have reintroduced a seven-year-old flaw that makes them vulnerable to spoofing attacks, security advisory company Secunia said Monday.
Secunia first publicized the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank's Web site. The feature was found in IE, Mozilla, Opera, Safari, and Mozilla derivatives such as Konqueror.
Most browser vendors, including Mozilla, agreed and updated their products to remove the feature. But it has been re-introduced in Firefox 1.0.4, Mozilla 1.7.8, and Camino 0.x, according to the firm.
The new vulnerability is a slight variation of the flaw fixed last year, Secunia said.
The Mozilla Project said it is investigating the report, and a moderator of the organisation's online support site said the flaw had not been exploited.
View: More Information
News source: InfoWorld
Secunia first publicized the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank's Web site. The feature was found in IE, Mozilla, Opera, Safari, and Mozilla derivatives such as Konqueror.
Most browser vendors, including Mozilla, agreed and updated their products to remove the feature. But it has been re-introduced in Firefox 1.0.4, Mozilla 1.7.8, and Camino 0.x, according to the firm.
The new vulnerability is a slight variation of the flaw fixed last year, Secunia said.
The Mozilla Project said it is investigating the report, and a moderator of the organisation's online support site said the flaw had not been exploited.
View: More Information News source: InfoWorld
Who cares? "This exploit could be used to attack a text file on your computer, but only on odd-numbered wednesdays and on systems with exactly 2483872kb of RAM"
I really dislike companies like secunia. Go research something that matters.
Sorry for the confusion.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.