Vulnerability in Firefox
mtosev ::
Revenge of the Frame Injection Spoofing Flaw
Tuesday June 7th, 2005
Secunia has issued a security advisory about a frame injection vulnerability in various Mozilla browsers. The flaw allows a malicious website in one window to load content into a frame that's part of a different site in another window. While this does not present much risk by itself, it could be used as part of a spoofing attack. The Mozilla Foundation is aware of the issue and a fix has been checked in to the trunk and the Mozilla 1.7 and Aviary (Mozilla Firefox 1.0.x and Mozilla Thunderbird 1.0.x) branches.
The frame injection vulnerability first appeared in 1998, when it was found to affect many different browsers, and has cropped up several times over the last few years due to various regressions (changes unintentionally bringing the bug back). Firefox 1.0.3 and 1.0.4 are affected, as are versions 1.7.7 and 1.7.8 of the Mozilla Application Suite. Secunia has a separate frame injection security advisory for Camino 0.8.4. As this is a regression, Firefox 1.0.2, Mozilla 1.7.6 and Camino 0.8.3 are not affected.
More technical details about the vulnerability and how the regression occurred can be found in bug 296850 (no unnecessary comments please).
Slashdot has an article about the return of the spoofing flaw with many user comments. GAThrawn wrote in to tell us that The Register also has a report about the frame injection vulnerability.
Link
Core i9 10900X, ASUS Prime X299 Edition 30, 32GB 4x8 3600Mhz G.skill, CM H500M,
ASUS ROG Strix RTX 2080 Super, Samsung 970 PRO, UltraSharp UP3017, Win 11 Pro,
Enermax Platimax 1700W | my father Darko 1960-2016, my Labrador Max 2002-2013
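
An added example, not part of the original post and not Mozilla's fix: a simplified JavaScript model of a frame-navigation check that blocks the cross-window frame loading described in the advisory, by allowing a window to load content into a frame only when it shares an origin with that frame or with one of its ancestors. The context objects, origins and function names are constructed for illustration.

```javascript
// Simplified model of a browser-side frame-navigation check (constructed for
// illustration; not Mozilla's code). A context is a window or a frame.
function makeContext(name, origin, parent = null) {
  return { name, origin, parent }; // parent === null means top-level window
}

// Behaviour the advisory describes: any window can target any named frame.
function canNavigatePermissive(source, target) {
  return true;
}

// Stricter rule: allow only if source shares an origin with the target frame
// or with one of the frame's ancestors (the page that embeds it).
function canNavigateStrict(source, target) {
  if (target.parent === null) return true; // model covers nested frames only
  for (let ctx = target; ctx !== null; ctx = ctx.parent) {
    if (ctx.origin === source.origin) return true;
  }
  return false;
}

// Constructed scenario: a trusted site in one window, another site in a second.
const trustedTop = makeContext("main", "https://trusted.example");
const trustedFrame = makeContext("content", "https://partner.example", trustedTop);
const nestedFrame = makeContext("inner", "https://cdn.example", trustedFrame);
const otherTop = makeContext("popup", "https://other.example");

// Evaluate one policy against every source/target pair in the scenario.
function decisions(check) {
  return {
    otherWindowIntoTrustedFrame: check(otherTop, trustedFrame),
    otherWindowIntoNestedFrame: check(otherTop, nestedFrame),
    embedderIntoOwnFrame: check(trustedTop, trustedFrame),
    embedderIntoNestedFrame: check(trustedTop, nestedFrame),
    frameIntoItself: check(trustedFrame, trustedFrame),
  };
}

console.log("permissive:", decisions(canNavigatePermissive));
console.log("strict:    ", decisions(canNavigateStrict));
```

Under the strict rule the embedding page keeps control of its own frames, including nested cross-origin ones, while an unrelated window is refused.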