Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Spoofing Risk Returns to Mozilla Browsers



 By: Matthew Hicks
2005-06-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Mozilla's Firefox and other browsers are open to an old frame-injection vulnerability that was previously fixed, security researcher Secunia reports.

A Web browser spoofing vulnerability has returned to plague the latest version of Mozilla Firefox and other Mozilla browsers, a security researcher reported Monday.

The seven-year-old frame-injection vulnerability could allow an attacker to load malicious content in the browser window of a trusted Web site, reported Secunia, a Denmark-based security company.

The problem lies in the way the browsers handle frames, which are a mechanism by which a site can load more than one HTML document in the same browser window.

Resource Library:
In a security alert, Secunia said it had confirmed the vulnerability in Firefox 1.0.4, Mozilla and Version 0.8.4 of the Camino browser for Mac OS X.

The frame-injection vulnerability was last reported by Secunia in July 2004, at which time the updated versions of Mozilla browsers were unaffected while many competing browsers were vulnerable.

Click here to read more about the rise of script-injection attacks, which aim to lure users into giving up sensitive information.

A spokesperson for the Mozilla Foundation said the open-source project was investigating the reported vulnerability.

Based on a bug report in Mozillas Bugzilla tracking system and postings in Mozilla support forums, the return of the frame-injection vulnerability appears to also affect the alpha version of Firefox 1.1 for developers, named Deer Park Alpha 1.

Secunia rated the vulnerability as "moderately critical" and suggests that users not browse unknown Web sites while viewing a trusted site.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Spoofing Risk Returns to Mozilla Browsers
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matthew Hicks
 


xr8 Vﴫ昢H:d[.kڶ<<ջZ$)CRսľ_&t$_=geK@&2D"?Hp4ô1f%STI}"IͽhC(~0`)_rdxBԲ|WR #Yntj5w5Gl$J A :':DPL9 }ٜjc7h2 Xm (kzZC'Ajm(CJx$Z=$? w,8";|w* pTƦ;=aR!U5EhD#|Ow>ȀYF {.Q^Z -GZb'UƞͰ*[ƋaF.91rx&Լ;@ *YsDƞ4IC d!LJA`:t,#c9 NRY RiSӂhYlɧ9\gԏPL0H<~0[ QM%$7 .nq_)'0/`=2}h .* }--:l<$..8ac6 c Tw<-0;DL<:j/yÙ[~i ݑuV(JP?*62٣SughkPQTP_:9~`hiv$: eUs ^_D_"0QYTţi|/ Z@ WP u/kzQҏZ-o[zQ-GjR;ғ,f3} 3+i3,ǝqT~6NMN l,aZUU 2Z*]鬘FȏNժsuڽ푳 9m{ _GtH  Wh: NZV1?qj{ dP[w8LwZ\ ?vO_d@Odx"˧S0io,Yn_H.)ż,>JAfk7 Jse)":sP;L}ƊN(zZP G/<@#X] p3Z&9T23<MH:Ɯ5ņ])!exN-IK _{@@jR~nV(nSB!ތEU<8vwެ.Uմ޹-~iKsqiuO^ S%g 5F8 ,heݴ%!8WGojۛjRMUfvTR8-b(7Z`Lm,5,Ltͬ ϳ`: ivڔz?iSOaΦfۉ9~4$AC66^lK 4}b>'ݨäp;p|g0sJ}S`IE 6]LRml;>tHhS0<xw0ܛ[S衟#]ѽ[:?`= 0.Z- Be^~m¢PşP}MrA=S9ڽfZдc@ra*j +)dj~#J͸^`3h{q#%IAg =e河@t{o%,joEI8a]hk%\<7Bɶ/^[aa6EYQ^RKHD@CR)Ե aY^`(ytM̆Т=iM*cc9m |?U.*r-}d2wjeV9,Wf (MwC~0;[0P.m^φgVމu<|$=r;6: /6*'||0ː ;qJkX"L U)=t%\42.|O V,'0{sgбSabia;k/ UK_HQ6nm V!҇D+ه0`L E5_GN6R^)#{0iTWʅĤ'I?րH{A2,e,rFe9لAٌs\}ZJ\,8Ro>U< đMTb0vQغUwPySc4ưv wDwHm [LglQIBOB%)` L] T<5&y;# F6. G\ //Pb% PT1"&cYEǖ`T۔Ђ;|T=?cK&GpӞrFVyYBf?K#~ԪbVmZQrTU߬ L3)' Sf| N|_ޝ?S}`1{K> `3\xkm`x䓋 ,*`ز|˘7 iX/I3$#v+TNJ R0=Gf^9/즮?!'#`POT<]w\܁c:P=H(T\g7cMEH]ac6U{z@n)Zڽ/''vh6>37}&mno^{y˙yrN?dZIp|]avKrekH˷"gfjso鸙 y@<sEU _ b&T~\{YRglg^c+:>e6e'}^FpaqgXf| wl>s3ѻMkls Kq3`9S"豥mBt`۠j"lγ>A>qHl\K/ ~'U`'wMBPr\HÞ1|M}Yy>uǭi lmSQ ;&KDVжU0H z.qLspIe>Oe7UEldb 8)LUKj{[ S/0ւBMAh|?|{AcEiܨxkc_(OU?FR޶j CoED\uO*9 ^  lZv~XC+kpo= 2j>uRafK'2_vܖ[J,]A>a halrKz]wѺZC8̕5%8IXU\%=QX4 Z̏T!wsZb()gI; cg?fmy:J"{q2N<{>kq 4 }U\qHGV-|~::m~61z˾NIU$(Xq4qߵ!s'^y {{:=\}nxm}#8-odD4recJ|I{ѽGE-%{wEs5ADHǫC䄬W!yN.ڭFSLo2YGR_=ֈȰR Z_ƥ{sھ̂ Ӝ$"Z*?N3dn *~Z_aZXȬE`|CL($0‘=`=`VN%:\b/$VB R`2"(BS.iDO§,}ҽiq3 lo}AFJN^vZ-[I7S+t,#=]/8ʚ=?UN:|&݋B2Nlp j_tz`ESrfF4/%a.[in}z{H&aP;DZ3pu*hhwl)~ڲOCTդ g껰Ϋ؉C6OY`0!9+|){~T׫۾Nm3ytl=O$ ؑqDt2Ti\'3X6r=hrrӅ[ey$smCڜٱDM~zv`蚳)o. }g-{oCĆ'_'p65xfV،SLsPb Lt4+dXZ'3V5;#~wүwI)w}cwF.27i1ǒN\C1VϨ">6-J54ېn39,TR.Gwl eXtqnɼǃENk99# mӏb'm37_+'<.t iIDCkx_X|t|d9OeE%"OVUg?K8X2Yn9Dh]NJl<>zZ<.d(΀,L8SB^'|Lt}9'1bV:ì~q ]Y_61_|6#Eroa^w Jv:bbhdI8/Cch˚E``]{;,W)\$rB4j91j_d\=PeAyAF #Xn T}NOOxI҈{PJ܁IlˤƟhςXf3TJLCT S!ߥݨxo4eAЌGXiIǸbkPse9s҉3{lLo.a+P6@5q:]XHI| ?`YT Dm4݅E-o+,Wei }B}P'`Rox`$FǟBOAJ;WEBۚJ/_'sgRM!]ǧұ& [IaFjoe qħUp+RQvOnf-UOfDa Ϧ7%Uk8pV0E,|fk=C^KB7bfҶRyMS D@ꅂ$ZrN>X fJVd C_PE>{yY)4 ɱ# A}[6$Եu֩#<7-@Ǔ>,z4 : W*B9x'!x'1xtAD#[P*$|V'(:e+_f5eq$yKm$!ၬhgAz-ý]ki Q83DaF;ǓT[ q,'ޱ x:NjSlemfWqᄒj}-.Ӫ=W9p+ Zi< I3!7^Hcke"vxT&ݥeW|ߣ^Y?`Cpob䭼d??ߋ. ?S H?I5?4OXD2E / x8n =k8Vp5/c7W'|ot+KJAk('>?FwF--U6ZG9 nb,\*VM BaD0‡zqa{BXEwm8@Drv5Pr@e2~bbPHB!h5% Zk^Yr+ȈZab\!1cTA_es{ɣ.j"r*jD:->K5=g5̈ xc; pWec;5nPs3Oi<1E7Zzxh<ՉH -;[n'/,b'c0/Ř0/RVIa< Ӡ9..֐axO2J\d9_K>HP.$zzOq1H0ópr|w\׻5(p QqAHw 0޻K{YV^]COx܌1NgvINyюM-۠[.н"%&hPjߛcj۫u %ge|0̊۲Tm5΅4 ¨ӔEJL`srٚmj6A`!;Rp߷~uF0c[q{Za̮oaD+ )m3FwG#SOcSPC c  Ƅ[)RUfwܠ~z*ڟOeh^nn+j(ȚXt "J KʹX62)(17m̤kV0PwA>po<|W,TZ~O"?{|fـjcEl~E:tdK6Ƚ;"&s'؏p mS;"΀!,E||z['AU}H?Km1n+62sՈ^_پmA~hu.Uw7=C;3&27`#o ^MmNG7>׿wOlxr`]Q sM,ayD8x{φ\o|J7[>BZs4pLF^^(b8$u*C:΀ lZMhuIED#ThbGB#&^I79kO-i`Ik0'ld Dps'_A1ZL˿IS 0E T&}fAm??&~eKL)awSos# h_𮱙M0 Lma`t.Pu>Mݣ0]Ln 0OYKw`C'[B@ g>򽉡0u3[s3RC´vxjT+mB<䱤Pl <'מO릧 u;1u_F`p3W .Ԕj> MZ E>gٕa)豢' _coSwV7+ʟX{z+i+* 9I͑;*YI8 &O=lFLf r5[_YMMz{'7~{E[<m[8Z?N9~9^9\o:W}fbv>L5m^h+LJY22 gW6Sfr=Zsm.4 Epɂw]%;飱8/fR(/6PJE_VCTW~0`b_)o޴{=5Z[[AeN|vuI:|jQ=[}uR\&7bQ׾hIk&5/m];^dd f@pj+ ݌rSi;O֗}21?A\󼳾skvN3ʡsQd^K/ Y_~/2l׼K2K{AKe}. /?/32?QF2 3ϡ/ydֺ+_F+p'k͠6K搧H>Y;yx߇ߊD+,#y e%Hi0\͇^x7_~J'܌ӃX'n:/i5i\.׭mОMEACaGӠS7Us !Qa7Ejo2x sG)螡Z(oF m̹H|7v1X1-H$ΆR% J\䎾ߓJn0lzp@Dd1!5JA._$`rXRKUrF(xफ़h[iRoh yVi8an%[z"z5xm4Dw+cZAV7/tj^"_v3:mc(2bb{ˈT`TlJx qf|L:AÆoj/XbKZ;c`\';=2gbIXƿ`ƹr2AK[h =xqnڔSx3l1@Щ zJKMfDr&ߢ)tO /AD[erJY?g~ǭd<@T6߱ @/^.c˃a.yCwi`b9Lׇ#<0 ;V.̗zEǻ80~.Ťe @ NӮ{ -LHZ~nuyZqMd} $#0qcOil@O X3Wd]d A_d|bOh6Mx[o/TùLHd v"ѱwlPFK7 "s HaCvk2}jQwh}v:פX3eoM"m,?hPQ"qm(!3Qs4FZY{N6 )4Mϫ΢R$[[wq;W*aʹD.v J]H1> N_dvO~5Bp|"ϷϒezLU"zʴtDl3%Y Io=Gmk_VeńK!z>^I;.~=M^T~7(JrHqpC>~؋|%Og ϻH(tI`S & 1|j7;3mZٱs1ebV!qdfӧ[7-[$@O" <ձ]wqE4znG}޴_lƘJ:Ɛ=-)0p,\f@6C|eKoz7k;ܨNA"+1<&'Fߟ2"L- Ԣ?MSg(\*],1Ał?vLw699 3/&U@EqDgPv;mmlP/>¼yOW=Ofuݍ2J׼tmk%C>KrX}P/):OOgsZ%n_Ho".ݖnFTt %K@4z q얢U.nDl`aA0n,ـ&@/lr=Vc:pSz / XCڢZ-®":q`x];<k{.^Uc׮2X#+ 7I;s[__{0|6,lp/>&G[0tczw^=קg[8KIJ y2 !δZx[K 0Dq] XǢȖWqTR:!; /D?8x}5K#fE1[Rj8gn~ӧf<˜4W6IĶqy5}~X>0#ŸErsg#^=u%ӫrXulQozc|>[z0XjPtP9˓_ a0+=:`-hs&ǢxQ9|v19&Y)>ٔ6s3a=U`0MZ.<'ȳ(`,Lv"VKjMΡmbpR!*acT 1L(T,RY7Wv!Zy΋|E>WNENE<<Sf )E|1GǩW3.rW?aMdh/]7,{՗Z/<|Xyx(']f(FRqO\||<(>^tob34N~xtu*/Z(Ksx{sN`){׭xY޿`(XE Ch⍿#0146]h(jE&I#;ov[b$- U.IPvᷮ g۲M* d.%rR[_fTNƇN wm&l2)v}ml-c6C-{?*^2'