Daily Archives: 7 June 2005

What’s Old is New

The Firefox vulnerability of the week appears to be a
regression of something more than seven years old. According
to the
, Firefox 1.0.4 is vulnerable to a
cross-site frame injection spoof that allows hackers to
insert the contents of one window into another, while making
it appear as if the content was from the original window.

So, for example, you could be on the password page to your
online bank and hackers could insert HTML code that
re-creates a screen that looks like the original but actually
sends the information to Russia. Not a GoodThing(tm).

For now, the work around appears to be: “Do not browse
untrusted web sites while browsing trusted sites.” Not
exactly specific advice but the bottom line seems to be don’t
open more than one site at a time.