Another Flaw Found in Mozilla Frame Injection Flaw Discovered in the Open Source Browser Tim Gray
It appears the Mozilla foundation must deal with another round of fixes to its popular browsers after a security firm pointed out that they are susceptible to a seven-year-old vulnerability that could let attackers spoof Web sites.
Danish security firm Secunia says both Mozilla 1.7.x and Firefox 1.x are susceptible to a frame injection flaw, first spotted in 1998, that allows attackers to spoof Web sites.
"The flaw means that if you are viewing a trusted site in one window and open a site belonging to a spoofer in another window, the spoofer can insert
code in the window showing the trusted site," Secunia wrote on one of their Web forums.
The security outfit has currently rated it as "moderately critical" and advises users not to download material from unknown or untrusted sources. The company has also posted an example exploit to allow users to test their browser for the flaw.
Hackers can now exploit the flaw and insert malicious content into trusted Web sites.
Last month, the Mozilla Foundation was forced to move quickly to patch three critical flaws in its browsers.
Some of the sheen has recently rubbed off the browser's security luster, as the more popular it has become — some estimates suggested Firefox has
grabbed 10 percent of the market — the more it has come under attack from hackers.
Mozilla recommends users close all tabs before accessing a site where a password, bank, or credit card may be used.
