Wednesday June 08, 2005 
Wednesday June 08, 2005
New Mozilla Firefox vulnerability found
"A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames. The applications don't check whether the frames displayed in a single window all originate from the same Web site." Commentary on this at whitedust as well.
Basically, the flaw means that if you are viewing a trusted site in one window (eg paypal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site.
This is a theoretical vulnerability, there have been no actual examples of anyone doing it. It affects Firefox 1.0.4 and Deer Park Alpha.
To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (eg your bank or paypal account), or your bank or credit card details (eg Amazon), or other sensitive data. If you use one of the tabbed browsing extensions and can set it to always open links in new tabs, never in a new window, this also prevents the vulnerability from being exploited.
- Well, expect Firefox 1.0.5 soon. The patch has already been checked in.
(2005-06-08 09:41:05 SGT)
[Tech]
Permalink
Comments [2]
Post a Comment:
Comments are closed for this entry.
Most popular blog postings on lowem.log :
1. Singapore SIBOR interest rates fall to 1.5%, lowest since Dec 2004
2. Singapore SIBOR rate falls to 1.31%, lowest since Nov 2004
3. Live spot gold price quotes chart on COMEX
4. Fuel prices seen stoking Malaysia inflation in 2008
5. 2010 Honda Civic Hybrid preliminary specifications released
6. Singapore SIBOR rate fell to 1.25% in Apr 2008, lowest since Aug 2004
7. Malaysia inflation rate jumps to 7.7% in Jun 2008, a 26-year record high
8. Singapore : electricity tariffs to increase April 2008 on rising oil prices
Featured articles on lowem.log :
1. ABC Guide to Beating Inflation in Singapore and Elsewhere
2. Singapore inflation rate hits new 26-year high of 7.5% in Apr 2008
3. Singapore : Bread price inflation continues
4. 2010 Honda Civic Hybrid preliminary specifications released
5. Peakoiler buys 2008 Honda Civic Hybrid FD3
6. How to insert currency exchange rates into Google Spreadsheets
7. Singapore SIBOR rate falls to 0.94% in Nov 2008, lowest since Jul 2004
8. Singapore : Inflation erodes away bank savings
| archives | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| search | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Custom Search
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| sponsored links | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| bookmarks | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
about
sites
blogroll
forums |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| navigation | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| decals | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| powered by | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| hosted by | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Posted by gwunwai on June 09, 2005 at 03:49 PM SGT #
Bet the guy who fixed the old bug didn't comment his code :D
Posted by mocax on June 09, 2005 at 09:47 PM SGT #