It appears the Mozilla Foundation must deal with another round of
fixes to its popular browsers after a security firm pointed out that
they are susceptible to a seven-year-old vulnerability that could let
attackers spoof Web sites.
Danish security firm Secunia says both Mozilla 1.7.x and Firefox 1.x are
susceptible to a frame injection flaw, first spotted in 1998, that allows
attackers to spoof Web sites.
“The flaw means that if you are viewing a trusted site in one window and
open a site belonging to a spoofer in another window, the spoofer can insert
code in the window showing the trusted site,” Secunia wrote on one of their
Web forums.
The security outfit has currently rated it as “moderately critical” and
advises users not to download material from unknown or untrusted sources.
The company has also posted an example exploit to allow users to test their
browser for the flaw.
Hackers can now exploit the flaw and insert malicious content into
trusted Web sites.
Last month, the Mozilla Foundation was forced to move quickly to
patch three critical flaws in its browsers.
Some of the sheen has recently rubbed off the browser’s security luster:
the more popular it has become — some estimates suggest Firefox has
grabbed 10 percent of the market — the more it has come under scrutiny.
Mozilla recommends that users close all tabs before accessing a site where
a password, or bank or credit card details, may be used.