New versions of the Mozilla Foundation’s browsers (Firefox 1.0.4, Mozilla 1.7.8) have reintroduced a seven-year-old flaw that makes them vulnerable to spoofing attacks, security advisory company Secunia said Monday.
Secunia first publicized the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank’s Web site. The feature was found in IE, Mozilla, Opera (Overview, Articles, Company), Safari, and Mozilla derivatives such as Konqueror.
Source: Infoworld
RSS Feeds