What’s Old is New

The Firefox vulnerability of the week appears to be a
regression of something more than seven years old. According
to the Register, Firefox 1.0.4 is vulnerable to a
cross-site frame injection spoof that allows hackers to
insert the contents of one window into another, while making
it appear as if the content was from the original window.

So, for example, you could be on the password page to your
online bank and hackers could insert HTML code that
re-creates a screen that looks like the original but actually
sends the information to Russia. Not a GoodThing(tm).

For now, the workaround appears to be: “Do not browse
untrusted web sites while browsing trusted sites.” Not
exactly specific advice but the bottom line seems to be don’t
open more than one site at a time.

Aloha!

One response to “What’s Old is New”

  1. Your password and info is unlikely to be sent to Russia. It’s much more likely to bounce around a bunch of servers all over the world before coming to rest on an American hacker’s BBS.

    (or go straight to a Homeland Security server…)