A seven year old vulnerability has been re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites.
The vulnerability, rated ‘Moderately critical’ by Danish security firm Secunia, has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8 – other versions may also be affected.
Secunia has warned users not to browse untrusted web sites while browsing trusted sites. Secunia has also constructed a test, which can be used to check if your browser is affected.
"The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," explains a moderator on Mozilla’s forum.
"To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (your bank or PayPal account), or your bank or credit card details (e.g. Amazon), or other sensitive data".
Published in: General on 2005-06-07