Mozilla will delay the next security update for Firefox so it can test a fix for a flaw that could be used by attackers by skirt security restrictions.
The flaw, disclosed by Polish researcher Michal Zalewski on the Full Disclosure security mailing list, could let a malicious site manipulate the authentication cookies for other sites' pages. It is present in the most recent version of the open-source browser, 220.127.116.11.
According to Zalewski, the bug might allow hackers to "tamper with the way these [third-party] sites are displayed or how they work."
Mozilla developers jumped on the bug and produced a fix by the next day. However, adding the patch to the Firefox 18.104.22.168 and 22.214.171.124 updates, which are still under development, will require more work. "We had to respin for [the patch] and now have Firefox 126.96.36.199 rc4 and 188.8.131.52 rc2 builds," wrote Firefox developer Jay Patel on the Mozilla.dev.planning forum. "We are [now] shooting for a target ship date of Thursday 2/22."
View: Full Article @ PC Advisor