Firefox security advisory issued by Secunia 06/06/05

[hellene]

Secunia has just released details on a new security vulnerbility found in Firefox. They rated it as "Moderately Critical".

You can read about it here:
http://secunia.com/advisories/15601/

Basically, the flaw means that if you are viewing a trusted site in one window (eg paypal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site.

This is a theoretical vulnerability, there have been no actual examples of anyone doing it. It affects Firefox 1.0.4 and Deer Park Alpha.

To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (eg your bank or paypal account), or your bank or credit card details (eg Amazon), or other sensitive data. If you use one of the tabbed browsing extensions and can set it to always open links in new tabs, never in a new window, this also prevents the vulnerability from being exploited.

Edit by Hendikins: This sticky has been locked. Please use the <a href="http://forums.mozillazine.org/viewtopic.php?t=276038">existing discussion thread</a> to discuss this issue.