Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Spoofing Risk Returns to Mozilla Browsers



 By: Matthew Hicks
2005-06-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Mozilla's Firefox and other browsers are open to an old frame-injection vulnerability that was previously fixed, security researcher Secunia reports.

A Web browser spoofing vulnerability has returned to plague the latest version of Mozilla Firefox and other Mozilla browsers, a security researcher reported Monday.

The seven-year-old frame-injection vulnerability could allow an attacker to load malicious content in the browser window of a trusted Web site, reported Secunia, a Denmark-based security company.

The problem lies in the way the browsers handle frames, which are a mechanism by which a site can load more than one HTML document in the same browser window.

Resource Library:
In a security alert, Secunia said it had confirmed the vulnerability in Firefox 1.0.4, Mozilla and Version 0.8.4 of the Camino browser for Mac OS X.

The frame-injection vulnerability was last reported by Secunia in July 2004, at which time the updated versions of Mozilla browsers were unaffected while many competing browsers were vulnerable.

Click here to read more about the rise of script-injection attacks, which aim to lure users into giving up sensitive information.

A spokesperson for the Mozilla Foundation said the open-source project was investigating the reported vulnerability.

Based on a bug report in Mozillas Bugzilla tracking system and postings in Mozilla support forums, the return of the frame-injection vulnerability appears to also affect the alpha version of Firefox 1.1 for developers, named Deer Park Alpha 1.

Secunia rated the vulnerability as "moderately critical" and suggests that users not browse unknown Web sites while viewing a trusted site.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Spoofing Risk Returns to Mozilla Browsers
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matthew Hicks
 


x}v6Ew>-5-nOgw"!1EjHʶ?ٗg*BI|Nږ*T b;?{{~$rȥklJ'{>D{{}.P`S/92p=z#m)>M3ȩ 5w85Gl&J{'ATGj hKxgMFlMe#k`p,FcwM5drZC'AjZ6(CJex$zwzH~ThG⻶eMaoF w"Ntod9 Q!)*F(B(?Cs?9zN0/P8b̪Ҵv;PU{a跆 /\1r.b,{{w4ɿTݑu:G -,2M*-f:9z u v=r@Ju3' =K;O=kN]w=jP?B1 I uBأzr(˺7hmwyaijTӪrT5X;rދ&1߶٣K;QoKB)(U:GlݹжD^׵Vlt|j]\[>r m> NַRߘ+0QT&*rp4I2I 1v`jjw{`%rMwJzQ߸pKX+hvdꑑf1O=˧0_8RCf9n{򳹥uk\ߴ-kߴ[g>ߘekfy3?b Jw3D~ VgmuniSEVJAe ķLJsi ":urPsnZ{c&Ә& 9B:A`̺NR49Vϡ8蟱"Wm4@r5+6B̄H )F7R<&,)|YB* brݢPP3nS%EI7#DD vx7"ʥep1SMңTsQ iغ\48?]7+De., s5-wnzaZTpx3j7Sҽ\u;6?`Ub}PhvZMCqkuTSt*Zl:76)Ab 6p-~~l2B cLt ` 0hvz?>PӚMqOCGs>H26ml8-ƹ" ,70}HG:рI470x=sOg6%_¤>< V=H:7(Z\χ`#aȖC&@B랂9׻ޚ<Qûi`y1զOACơ@XzC `SPl~[>l038N\IQo ЧbdQJ ds 4.gP)AH =k \99 ŊH^KHX-Vp։p (=HpGn_-KEs㕰TL٣B Y/_2[3CCɴa6X9{DMfT`B[ᛥLKak`F^rA+ŲMCAII\ZUj5YQ%[gCי' f0߄#f5mUAJ  |͏U=b$`~f Д +< +1!Y/>uzS܊99IAwew貟Fi_f]ZЬkkH_T:.MB_+ M 2%W0pŗzZG"b j7{\X1-# l,Σh?40%ͿCϞZC>c+UVj0F,m+^ZrirX,y|[lD0(2( 鿙R&a;\ڨ `Ow Asm0Hw[O]< 0f&6XC˦>ouqAʫ%uV!f6,ƴ'i?H|A2eh &GmܡkC6euEsƱ4St%ri9h& gրziDe˜,^a' #ؚð{N~SmG3;䆻7!`T#fx:qv*w[O;$!WTͶwAQ xH1M8vهM1GgE; :7a/)epIl_\À>B SL@ΧrE\ ~1~1UŠP=I  Cgw`u$oL;*9K.̟  sFWyYFfZ?KyT+BZm&VVR娨V*\Iq)4d1k`~:'F2Mg֧{`3|xk}Km˰p1cZ$ c`׊._kOWbL['ȂX hO7`sg'k0MCV0& H*hІ{egjڳVU;OP(;Ђ>k-4g{J;dXE;WԲ'**5P6>*09g~kkJ$؃S1>L:}\WJZPk{>`,B[$ zXÈ h<qŁZ ) 58s;`[ kf+,s J(ʹV(EcTEdjCN=Dp?n216Em/POG]մR/19|6tY]g`&vѯJU05֬u2 \S 1l*UcG3~:i1maNx[2$@dѮ9+NQFWK劭|jZ}tNNxT!"kq(n| #;"#^ dkM-lu*%\.Yi r#ctSe}{c27OwOUUAS<:h3$_P@hOXM\ ?k7Ṹ$2CL laƭbR/\f ?+>TaDU }5ӑ?>nVɍGZV/fIRTP]\H&#UX)TԒP/YTAtU素vdix;L5Lfl'P`Q(S&ZD}Rx*+Q/ew>Q? &i^IW:.Wky*6o%vem"XI78CְK##nƝj`-ӪV$,: 2,qvë eVqm^?2Z cS7aԏZU{?"}QLp^pR t(+mIAcgtּl_|>LX8םn\V#rj8E)ji%|i/RCR:"+MթԾl~hi\}dLR(I]0|r̡q醷a؆.Zg0BV@ID&ǝ^s)\6o>ėO:h_cxεhd&CypuU4)$EyfShmǛ&aV5!xidJ Z_ƥssں̂1 a՜$"1jr MN3dnX ʆqH_aߪ,d"0.WtrăyE9pǀzB*q^_4?Goku؋N' m 08S*QW"REh%IA%N:7Mz5E_%'K+ eR-[N7S+tYD_q+5kNz4 \1[5ntD:dNlp j_aESrgF4/E/pCZiuz{HƖiR'D3pu*d hwl)~r/wg%;H,PmY+LB$/i\A1'͋p!,GDxeNx>IБ[#=p>~⌜003|m6Hf0>oR8i?{ѽs¹"Pq[:+`){b{I6$BUUk ;Ⱦ\EVe.tՕ^Vxc+> _boZ`@L6COf=KgΑ=#tzoo=إG֛%<A?=lI>]bwP{<_hbO$J骇\%(<]MT--^\RK>\+U@< bXI{Oz[N Ȧ7S'cef7XCŸA!{ze7mMNi j&Όs$;grោJ6wVp. Ϧv_ O%FJ-cmێ!%/hvpU4"[y"N0~1 ߊ;bE Imi|o(o'򽥎xk6RKg/;L_lZS| \(.BӞ <ߌ zqk+B<ыO\m1-[}Ol{2 Za72ϦΒYf] J'62tgqT, }I`ORtixV:"]TKgX" |B27it9ǒv\1^h">Xmʐu%)݆/vzS)kE&Gȷ r{|iaS:]~)!L}ӏJvP՝/ '|+]>`AԒ D|Zs$N}? ;RcJG>'1]w}hpqe܂scוкqhD1?Y8Ҳ0I,O bcwE9yq.f~?LÏ, ,ʠysAcs!-K̐ys!NM^>v8,m(^Ū~=zg[Q§Q?ZgYE*T_d&߫G&N8XiA鑒%&~>W[xD(u` UH^5DZtJ>ab9oph<c(˺Mo(lX(B0ID+J4Z)1Z3Gt(ڼI!G OGj3b q(^o+R |`'wBX'@/^뎻!Q7 Q>,%p)pl!^J|uIU%6^k/'{gQ@j=N]JǞcflɛ֌f$l-L|Y;MwYRTn;݅K7˶uAN) R 7Szd3[b`$*FOFH xB] 4Ji[*r@\UMQ$Qr&t;#}J]И@JPUƀB` H!<^MBrHnjնeҋw1\'XV(ě ]ΚG:eu͘HnFN\PPll/Eyf"aH"Tl$iBepG@ JB'qR3]W=*"4 Z-Uo"r /"12}IT7tβD.k6%,r@ A(D@T:zcRL4j^!h^⼮DU,Ě)͉g~{A.{a5@iH$aYdxR-٩b:Hv_/@!>"j\k4t?8dK.k s11zg~enPml_u$wZ~O7fwaK &B߈l$klT)s x/ RlMHl:5l*<*_Yλh_Бnp  X0>{y[4!1_6 z5Ӿ:kCaЬB{߭ev}xcyˡGѷݑۯ^ѐ#` +lymf4LܛSݶ[l^HjoU{qߚ'Ĭ K㘙um.mo QBkz}XoiN<*֔fERsom-{o }_mau^Ǎ<}: dUֈYޣ.eLzUZf{-cN{{<y{©YKjl&NKD:`ѿҷƅ+VD 2%Jf61L`p7DXȓ z`]g54޵7 5'lo]"Ҷp=zlqN^0}|W+iۋ@{12Iq!)Zv8S[xv1̤A1.&jc"4? egܫ=dx ac`G^;P`ڀ)ZWqic2sO96@gjF[?Cb$ZcH\/ :â="LF{4‹R\4k['xL7v).FLyJQXCJ:**5^;{e駰#SHƭDCঀ_ >=<oZA 5v߂xf X++F8\{F9/02n?mtE~_(&-6F%8BYæ B(HhF]ꐂEl!}y5F?PM={,Dnt Q+".]hPVô-?@O]ILa!/(!/D.~aI{m..$9 auEMm&ݴ R0_1V&gBA8AXJo,"hvy񡏙pD]bɤS  /(_Z6DPs}.✚MEfAȢw\f9ޔUZrq^XuZ.˘xV@THk̘x'hvlMz ytJu*Z!ѥFCn1lcwY]13bcG:ym+=Q6j=#vϦ~݄WzW@O[jkw0sD0^YձHۙlݹ[]<5<+ڢ Rt_#q+K'=y lMZk!')3"[Gmt T?^-TsZ.Wz`NF˛v"AfkǷxYO># G0eۡ/0Ÿm54Qkڕ BS)|9W]KjL_"|XdGN/0۱J R ݛ/RRmF νz?bu{ι\`{qRn/ L6Ƕl[ͳva~DuvH1tNuGw,@8(=`oMaTJo[ J=z%rk1f=0(FU0[J `,UeUh9!mf^(phtix#+9ǘ\TbЭB1˪M;IP}sY?e=`'2u/xyB G=J~#&m}+4'-Rl1̦A2"JtMx0L)|C7)(ʁޒ>i?}A6ڈyi$٠BcMr/o\IxC#֔kgvwg-dG>}GDג:KNANxlV _΂-Y GлlŗtS!圭#!+A1HGT~g[?\uR0F$u*̀ ZEhvIED#ThbGB#&nI79kN-i`Kk‚0'd Dps=xH 1bx 1[tDW60^ S}%ߺH"V8s =J< rq׺H,/@Dp7 Q:!.( oIYP,(ϏB5DuKJ8Tmn$zs ސ51 Ss>"(n&.t>?OGAa2?Mt27`q &V pϒwy6t0^Q1e&|%nKM Kjq$P!%h$`x=9aday~OǖH_P>bJU(IhRW|W |+V01bU-%^LWG^ߧx,a?r㷽-4W )WPx s#ChdS:>ƺsןcʃgrֹ!MrvjM\E_¾V-r5=uwN?t?Z7K+1F;:}^+LJrdeAή-f(ND3\h^Epɂw]%顱8/^;'Q]lXVCĨ~4aa01S<=iuZ6Z[NAyY/N|NǗ%/֔fySMaNwR\js@1@C|m]Nzs5BJu?C@/7P~ (@y'9hp(?g@ |Pq}y;8o/oӌr_;c|i_ek( ח_ 5.3_f^fsAK2K Oѫ >As(?(-/3a~2 *C~`2d:_::?uF  7_/z/1>ArS~~2w Y{ f wɵN2!(ofY7NT8\8_JeY+ OY尅:(Ay>++P/nt2 : 3/^}NV&/ir_!,.5PUk oY[ݲq ?&vt{ U K]<rx$| #r+⵵}겵E}h#5]Yj8“mϋ1y}weӾσfW}8xZLԹʒGpoQV"#<5 |u*?az:x}fOvHyѿn~hlR/O>*8uߚLYu8% {Y&@Y8'}R?pp73@t5^iB97F; P7maI䦳T.jZQo\)Uʹ俒$2Lz@ L]HMjJUNmJTL3BAzg ]gۦJ̾ZCOfȳRLu+k %1@OÙEG)o'q%B4{PoڪmV=ȾwF=8JN)YF D zuRK}L .LESzq;k#8,_bY\sXC,['lybb+mԿcrц69F\$ǖ~=I_\#Ueaaw./ ]C?wo p^1Q.`=̲x3#i^jIc4s/ jb51e3 Ӯcꐞ{^A{r 1-Xhkоh8b-V$Ƕ1꯿J`Xo4|u'W:+Ff\rw^f$ZA+_wa۝Z. S@q8An纓sX00wPw-['/Ձ&}~jX3!?gnIT7|^B7D6ޠџ eF`O]WnBaIgLE5)79}0D˄,YZcm%^WJLƎ$z S߁93r^ \ɡ=$|T.q 5kEEבE,.NhӂZ{J͂dX..`'=ס eԿtU_ r:'쭰F li_3QNǮ'}M=>qPւ)ՆIv M^{3D3dưF< RȸH Ղ['rF+3௚F3qyU YT8[D~"w]ΕJr.Q ?`n6RW}x/ē_| 3/bz`#Yұ ߚP TDOY"vy9m$Ki[QڗE@1a%_!l;F>Z& ]*IxrHq@>~EE~!O' ϻHj( I`S 1|j7;Zqp9abV)qdFO?5o'[nI 5E`0v- )ych*>% o ixMxs!A]=_v{[~%_OxƮ~뷀ne Lt0al0n>ʷQ$L{s>zQ[tEVb05yM&nKp ?dtE#b[p!@>pM'2QTD Q)Ybd횙/-rxgsg_(,Wvm:mmlP/>uOW]Q'aJ׼t{%!Ү\)vbʥ.Sܟ=CaC"]/,{ QFbf]9N]R ,c<ԭ<P0_C^&?c5Vqٮ7G,cݴKQaW:6n uywXL7﹨]eCFP1Wov$ѿ9V0|6,lp/>&燸[0tczNozO϶p2$82mpCikZK0Dq] XǢȖwqTR:!; /88x[5K#fEVj0gn~ӣV<˜4WvQĶqyuc~ږ10#ŸErN,ɀGjVkkd'KWܵ1_^٢#"|ga)HAy,O~փ!gk݄y6{a+cPMXjcL1GY