Friday, February 16, 2007 7:51 AM cmosby

F-Secure : News from the Lab - Firefox Cookie Bug

 I am sure this will be taken care of in no time...

Firefox Cookie Bug
Posted by Sean @ 14:43 GMT


Bug 370445

There's a new bug reported in the way Firefox handles writes to the 'location.hostname' DOM property. The vulnerability could potentially allow a malicious website to manipulate the authentication cookies for a third-party site. The bug was submitted by Michal Zalewski and was tested with the current version of Firefox.

The bug could allow for the browser to appear as if it were connecting to a bank, when in fact it would instead be receiving data from a bad guy.

Firefox is often patched quickly, so take note: it's an excellent idea to enable Firefox's automatic updates option if you haven't already.

Firefox Update Options

A demo of the vulnerability and a suggested work-around can be found here.

Source: F-Secure : News from the Lab - February of 2007
