
By Joris Evers
Posted on ZDNet News: Jun 6, 2005 8:52:00 PM

A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned.

The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which are a way of showing Web content in separate parts of the browser window. The applications don't check whether the frames displayed in a single window all originate from the same Web site, Secunia said in an advisory on Monday. Firefox 1.x, Mozilla 1.7.x and Camino 0.x versions are vulnerable to the flaw, the security monitoring company said.

As a result, an attacker could insert content into a frame on a trusted Web site, Secunia said. Account holders who believe they are interacting with a frame belonging to an online bank could be tricked into giving up personal information or downloading malicious code, for example. Secunia rated the issue "moderately critical."

The same "frame injection" vulnerability in Mozilla's browsers was detailed by Secunia in July of last year. At the time, it did not affect the most recent versions of the applications.

For a spoofing attempt to work, a surfer would need to have both the attacker's Web site and a trusted Web site open in different windows. A click on a link on the malicious site would then display the attacker's content in a frame on the trusted Web site, Secunia said. The company advised people not to visit trusted and untrusted Web sites at the same time.
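The missing check described above, as an added JavaScript model (not Mozilla's code and not Secunia's test case). It assumes a link can target a frame by name across open windows, uses a simplified origin policy, and all class names and hostnames are constructed for illustration.

```javascript
"use strict";
// Toy model, not browser source. Frame, Browser, navigateByName are hypothetical names.
const originOf = (url) => new URL(url).origin;

class Frame {
  constructor(name, url, parent = null) {
    this.name = name;
    this.url = url;
    this.parent = parent;            // null for a top-level window
    this.children = [];
    if (parent) parent.children.push(this);
  }
  get origin() { return originOf(this.url); }
  find(name) {                       // depth-first lookup by frame name
    if (this.name === name) return this;
    for (const child of this.children) {
      const hit = child.find(name);
      if (hit) return hit;
    }
    return null;
  }
}

class Browser {
  constructor(enforceOrigin) { this.enforceOrigin = enforceOrigin; this.windows = []; }
  open(url) {
    const win = new Frame(null, url);
    this.windows.push(win);
    return win;
  }
  // Assumed policy: the source may retarget a frame only if it shares an
  // origin with that frame or with one of the frame's ancestors.
  mayNavigate(source, target) {
    for (let f = target; f; f = f.parent) {
      if (f.origin === source.origin) return true;
    }
    return false;
  }
  // Models a link in `source` whose target is a frame name. The lookup spans
  // every open window, which is why the origin check matters.
  navigateByName(source, name, url) {
    const target = this.windows.map((w) => w.find(name)).find(Boolean);
    if (!target) return "not-found";
    if (this.enforceOrigin && !this.mayNavigate(source, target)) return "blocked";
    target.url = url;
    return "navigated";
  }
}

// Constructed scenario: a trusted and an untrusted site open at the same time.
function scenario(enforceOrigin) {
  const browser = new Browser(enforceOrigin);
  const trusted = browser.open("https://bank.example/");
  const frame = new Frame("content", "https://bank.example/login", trusted);
  const untrusted = browser.open("https://untrusted.example/");
  const cross = browser.navigateByName(untrusted, "content", "https://untrusted.example/page");
  const frameAfterCross = frame.origin;  // what the trusted window now displays
  const own = browser.navigateByName(trusted, "content", "https://bank.example/accounts");
  return { cross, frameAfterCross, own, topOrigin: trusted.origin };
}
```

With `scenario(false)` the trusted window keeps its own address while its frame shows another site's content; with `scenario(true)` the cross-site request is refused and the site's own navigation still works.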

The Mozilla Foundation is investigating the Secunia report, a representative for the organization said.

The vulnerability has not been exploited, a moderator of a support forum on the Mozilla Web site wrote Monday, in response to the Secunia alert.

For protection, the moderator advises people to close all other windows and tabs before accessing a Web site such as a bank or online store that requires them to type in personal data.

With its initial release last fall, Firefox has demonstrated that the mature Web browser market dominated by Microsoft's Internet Explorer can be shaken up. IE has begun to see its market share dip slightly--a first in a number of years.
