Your Ad Here Your Ad Here
Results 1 to 6 of 6

Thread: Firefox Flaw Could Let Attackers Change Cookies

  1. #1
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    A bug was recently uncovered in Firefox that could allow a malicious Web site to appear authentic.

    The bug affects the way Firefox handles writing to the "location.hostname" DOM property, according to a posting by security researcher Michal Zalewski on the security mailing list Full Disclosure. The vulnerability could potentially allow a malicious Web site to manipulate the authentication cookies for a third-party Web site.

    By bypassing same-origin policy, attackers can possibly tamper with the way these sites are displayed or how they work. For users, this means the bug could allow for the browser to appear as if the user were connecting to a bank, when in fact the user would instead be receiving data from an attacker.

    "This flaw is at the core of phishing attack[s]," said Natalie Lambert, an analyst with Forrester Research. "The ability to mask the real site a user is visiting is how phishing attacks are successful. So, the threat of this vulnerability is large."

    This vulnerability was tested using Firefox 2.0.01. Though the bug was listed as resolved, Mozilla security chief Window Snyder said they will be addressing the vulnerability in the next update to Firefox, version

    "We have not heard of any reported exploits," he said. "However, we're working to address the issue as quickly as possible to minimize the window of risk. Mozilla takes security vulnerabilities very seriously, and our community of users can be assured that we are working hard to resolve this."

    David Frazer, director of technology services at F-Secure, urged users to make sure they have the automatic updates for Firefox set to on.

    Check out's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.

    Source: Yahoo! News
    For the FF fans.
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  2. News (Archive)   -   #2
    tesco's Avatar woowoo
    Join Date
    Aug 2003

    Thanks, will look out for new version.

  3. News (Archive)   -   #3
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Delta B.C. Canada
    Soooooooo whens the patch coming out today ,tomorrow ?

  4. News (Archive)   -   #4
    Colt Seevers's Avatar P()()p!3 $CR/-\P3R$ BT Rep: +3
    Join Date
    Oct 2002
    Opera FTW!

  5. News (Archive)   -   #5
    BANNED BT Rep: +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45
    Join Date
    Dec 2006
    try to get the latest version & all gonna be okay

  6. News (Archive)   -   #6
    Poster BT Rep: +11BT Rep +11BT Rep +11
    Join Date
    Nov 2006
    Thanks for the heads up on this one Hairbautt. Here's hoping that the firefox team can release a patch soon. Does anyone know of a workaround until a new version is out?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts