The Firefox vulnerability of the week appears to be a regression of something more than seven years old. According to the Register, Firefox 1.0.4 is vulnerable to a cross-site frame injection spoof that allows hackers to insert the contents of one window into another, while making it appear as if the content was from the original window.
So, for example, you could be on the password page to your online bank and hackers could insert HTML code that re-creates a screen that looks like the original but actually sends the information to Russia. Not a GoodThing(tm).
For now, the work around appears to be: "Do not browse untrusted web sites while browsing trusted sites." Not exactly specific advice but the bottom line seems to be don't open more than one site at a time.
Aloha!
Comments (1)
Your password and info is unlikely to be sent to Russia. It's much more likely to bounce around a bunch of servers all over the world before comming to rest on an American hackers BBS.
(or go straight to a Homeland Security server...)
Posted by sjon | June 7, 2005 9:09 PM
Posted on June 7, 2005 21:09