Firefox reintroduces seven-year-old security hole
New versions of the Mozilla Foundation's browsers have re-introduced a seven-year-old flaw that makes them vulnerable to spoofing attacks, Secunia said on Monday.
Secunia first publicised the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own login window on a bank's website. The feature was found in IE, Mozilla, Opera, Safari and Mozilla derivatives such as Konqueror.
For the full story.