03:25 PM

Mozilla Working On Fix For Firefox Flaw

Mozilla has pushed back its next security update for Firefox so it will include a fix for a vulnerability that allows malicious Web sites to manipulate authentication cookies.

Mozilla said it is still working on the next security update for Firefox and will release it as soon as work is completed on a fix for a flaw that lets hackers tamper with how Web sites are displayed.

The security update for the open-source browser originally was slated to be released on Feb. 21 but was pushed back in order to accommodate a fix for this new flaw -- the location.hostname vulnerability -- and other security and stability issues.

Michal Zalewski, a Polish security researcher, was the first to disclose the vulnerability last week on his mailing list, Full Disclosure. He explains that the flaw is in the most recent version of the Firefox browser -- -- but adds that it affects other recent versions, as well.

The vulnerability allows malicious Web sites to manipulate authentication cookies for third-party sites.

"The impact is quite severe: Malicious sites can manipulate authentication cookies for third-party webpages, and, by the virtue of bypassing same-origin policy, can possibly tamper with the way these sites are displayed or how they work," Zalewski writes.

Mike Schroepfer, vice president of engineering for Mozilla, says the new security update will be out "soon."

"We have not heard of any reported exploits of these vulnerabilities, however, we are working to address the issue as quickly as possible to minimize the security risk to Firefox users," he wrote in an email response to InformationWeek questions. "Mozilla takes security vulnerabilities very seriously. Our contributors have been working through the weekend to address this issue as quickly as possible."

Zalewski offers an online test to determine whether your machine is at risk.
