Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe. It's the second major security lapse for the open-source browser in as many days.
The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn't be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday's vulnerability as well.
By injecting a text string that includes "\x00", normal safeguards can be bypassed, allowing the browser to be fooled about the origin of a domain trying to set or modify a cookie. The sleight of hand makes a victim's browser appear to be talking to trustedbank.com when in fact it is receiving data from evilhackers.com.
The attacker would also be able to change the document.domain accordingly. A demonstration of the vulnerability, which has been tested on version 2.0.0.1, is available here:
http://lcamtuf.dione.cc/ffhostname.html
Source:
The Register
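As an added illustration (not part of the article or of Firefox's code), the sketch below shows why a hostname containing "\x00" is dangerous and how strict validation rejects it. It assumes the mismatch comes from one component reading the value as a length-counted string and another as a NUL-terminated C string; the function names are hypothetical and the sample hostnames are constructed.

```javascript
// Added example: hypothetical helper names, constructed sample values.

// What a NUL-terminated (C string) consumer sees of a length-counted string.
function cStringView(s) {
  const i = s.indexOf('\x00');
  return i === -1 ? s : s.slice(0, i);
}

// A naive "same site" test that only looks at the end of the full string.
function naiveSameSite(host, site) {
  return host === site || host.endsWith('.' + site);
}

// One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Strict hostname syntax check. Any control character, including NUL,
// falls outside the allowed alphabet and makes the whole value invalid.
function isValidHostname(host) {
  if (typeof host !== 'string') return false;
  if (host.length === 0 || host.length > 253) return false;
  return host.toLowerCase().split('.').every((label) => LABEL.test(label));
}

// Validate before the value is used for any origin or cookie decision,
// and report whether the two readings of the string disagree.
function checkHostname(host) {
  const seenByC = cStringView(host);
  return {
    accepted: isValidHostname(host),
    viewsDiffer: seenByC !== host,
    seenByC,
  };
}

// Constructed inputs using reserved example names.
const samples = ['www.b.example', 'a.example\x00.b.example'];
for (const host of samples) {
  console.log(JSON.stringify(host),
    'naive suffix match:', naiveSameSite(host, 'b.example'),
    checkHostname(host));
}
```

The second sample passes the naive suffix test while a NUL-terminated reader sees a different host entirely, which is the disagreement the validator closes off by rejecting the value outright.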
I suppose the more relevant question is how quickly a fix is made available - probably pretty fast; maybe even in a shorter response cycle than Micro$oft. Anyway, I imagine Explorer has had similar and worse bugs.
I expect a patch from the community pretty soon.
Got this e-mail from ZDNet:
Browser beware: Unpatched holes in Firefox, IE 7
Ryan Naraine: Firefox and Internet Explorer users beware: There are serious, unpatched flaws in both browsers that could allow the hijacking of files from your Windows machine.
http://ct.zdnet.com/clicks?t=30559050-0d2faba3b559075677e1db561f6e8151-bf&s=5&fs=0