Mozilla's current browsers, including the popular stand-alone Firefox, are susceptible, again, to a seven-year-old vulnerability that could let attackers spoof Web sites, a security company says.
Mozilla's current browsers, including the popular stand-alone Firefox, are susceptible, again, to a seven-year-old vulnerability that could let attackers spoof Web sites, a security company said Monday.
According to Danish security firm Secunia, Mozilla 1.7.x and Firefox 1.x are vulnerable to a frame injection flaw that first surfaced in 1998. Hackers could exploit the bug to insert their own content into the view of a legitimate site, to, for instance, pose as the log-in frame, then collect usernames and passwords to online bank accounts.
"The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," wrote a moderator on Mozilla's online forum Monday.
Secunia rated the bug as "moderately critical," and posted an example exploit so users could test their browser for the flaw.
The same vulnerability was spotted in Firefox, as well as virtually every other browser in use, almost a year ago, and fixed in a pre-release version of Firefox and in Mozilla 1.7. The new vulnerability is a slight variation of that fixed flaw.
"To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (your bank or PayPal account), or your bank or credit card details (e.g. Amazon), or other sensitive data," recommended Mozilla's online moderator.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.