Spoofing Flaw Reappears in Firefox

According to Web security firm Secunia, a seven-year-old vulnerability has crept back into Mozilla-based browsers. The flaw allows someone to spoof the content of a Web site, enabling a hacker to make malicious code appear as if it's coming from an otherwise trusted URL.


The bug was originally reported to affect almost every browser on the market, including Internet Explorer, Opera, Safari, Netscape, and KDE's Konqueror for Linux. The latest Mozilla-based browsers were immune at the time of the initial report, but are now vulnerable.

"The problem is that the browsers don't check if a target frame belongs to a Web site containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window," Secunia said last year in an earlier advisory warning of the same bug.

Documentation on the Secunia Web site indicates that KDE, Apple and Opera have fixed their browsers to prevent the issue from being exploited. Microsoft, meanwhile, has offered a workaround for Internet Explorer users.
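
The missing check described in the Secunia advisory quoted above can be modelled as follows. This is an added example, not code from Secunia or from any browser: the window state, URLs and function names are constructed, and the same-origin comparison is an assumed form of the check.

```javascript
// Toy model of named-frame targeting (added example, not browser source code).
// Every name here is hypothetical; the window state is constructed.
const originOf = (url) => new URL(url).origin;

// Two top-level windows open at once: a trusted site with a named frame,
// and an untrusted page holding a link that targets a frame by name.
function sampleWindows() {
  return [
    { url: "https://trusted.example/home",
      frames: [{ name: "content", url: "https://trusted.example/news" }] },
    { url: "https://untrusted.example/page", frames: [] },
  ];
}

// Find a frame by name; `allowed` decides which windows may be searched.
function findFrame(windows, name, allowed) {
  for (const win of windows) {
    if (!allowed(win)) continue;
    const frame = win.frames.find((f) => f.name === name);
    if (frame) return { win, frame };
  }
  return null;
}

// Behaviour described in the advisory: any window's named frame is a valid target.
const resolveUnchecked = (windows, sourceUrl, name) =>
  findFrame(windows, name, () => true);

// With the check: the frame must belong to the site containing the link.
const resolveChecked = (windows, sourceUrl, name) =>
  findFrame(windows, name, (win) => originOf(win.url) === originOf(sourceUrl));

// Follow a targeted link and report what the user would see afterwards.
function followLink(resolve, windows, sourceUrl, name, href) {
  const hit = resolve(windows, sourceUrl, name);
  if (!hit) return { navigated: false }; // no eligible frame with that name
  hit.frame.url = href;
  return {
    navigated: true,
    addressBar: hit.win.url,   // what the window still claims to be
    frameContent: href,        // what is actually displayed in the frame
    contentFromOtherOrigin: originOf(hit.win.url) !== originOf(href),
  };
}
```

With the unchecked resolver, the trusted window keeps its address while its frame shows content from the other site; with the checked resolver, the same link finds no eligible frame.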

"The advisory illustrates that vulnerabilities, even those thought resolved, can be introduced during the software development life-cycle," Jeremiah Grossman, CTO of WhiteHat Security, told BetaNews. "This further reinforces the notion that software requires frequent security review, especially software which is often updated."

Secunia has constructed a test to see if a user's browser is affected, which can be viewed on its Web site. The company recommends that if a user's browser is vulnerable, the user should refrain from visiting trusted Web sites while viewing untrusted ones.
