nighttalker

The Mozilla Foundation's response regarding that 7-year-old vulnerability

Original post #
Posted: 2005-06-08 21:42
Revenge of the Frame Injection Spoofing Flaw


Secunia has issued a security advisory about a frame injection vulnerability in various Mozilla browsers. The flaw allows a malicious website in one window to load content into a frame that's part of a different site in another window. While this does not present much risk by itself, it could be used as part of a spoofing attack. The Mozilla Foundation is aware of the issue and a fix has been checked in to the trunk and the Mozilla 1.7 and Aviary (Mozilla Firefox 1.0.x and Mozilla Thunderbird 1.0.x) branches.

The frame injection vulnerability first appeared in 1998, when it was found to affect many different browsers, and has cropped up several times over the last few years due to various regressions (changes unintentionally bringing the bug back). Firefox 1.0.3 and 1.0.4 are affected, as are versions 1.7.7 and 1.7.8 of the Mozilla Application Suite. Secunia has a separate frame injection security advisory for Camino 0.8.4. As this is a regression, Firefox 1.0.2, Mozilla 1.7.6 and Camino 0.8.3 are not affected.

More technical details about the vulnerability and how the regression occurred can be found in bug 296850 (no unnecessary comments please).

Slashdot has an article about the return of the spoofing flaw with many user comments. GAThrawn wrote in to tell us that The Register also has a report about the frame injection vulnerability.

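Key points:
1. This vulnerability first appeared in 1998 and has reappeared repeatedly since.
2. This is a regression: Mozilla 1.7.6 / Firefox 1.0.2 / Camino 0.83 are not affected, but the latest versions are.
3. The fix has been checked in to the Fx 1.0.x and Mozilla 1.7.x branches (look forward to Fx 1.0.5), and to the trunk (if you download and use a 1.0+ build from after 0607 20:00, it should already be patched).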

Bugzilla tracking entry (don't post junk comments there, you'll get flamed to death, heh):
https://bugzilla.mozilla.org/show_bug.cgi?id=296850
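One bright spot: the latest Tabmix extension seems to be able to fix this vulnerability.
The current latest version is Firefox 37; please remember to upgrade to stay safe.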
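
Added example, not part of the original post or the quoted article: a simplified JavaScript model of the behaviour the advisory describes, where a window on one site loads content into a frame belonging to a different site, shown beside a restricted navigation check. The `Context` class, both policy functions, the example origins and the restricted rule itself are assumptions for illustration, not the fix checked in for bug 296850.

```javascript
// Simplified model of browsing contexts (windows and frames); constructed for illustration.
class Context {
  constructor(name, origin, parent = null) {
    this.name = name;     // window/frame name used for targeting
    this.origin = origin; // scheme://host[:port] of the loaded document
    this.parent = parent; // containing context, or null for a top-level window
  }
}

// Flawed behaviour described in the advisory: any window may load content
// into a named frame, regardless of which site owns that frame.
function permissiveCanNavigate(source, target) {
  return true;
}

// Restricted check (assumed policy): the source may navigate the target only
// if it is the target itself, or shares an origin with the target or one of
// the target's ancestors.
function restrictedCanNavigate(source, target) {
  if (source === target) return true;
  for (let ctx = target; ctx !== null; ctx = ctx.parent) {
    if (ctx.origin === source.origin) return true;
  }
  return false;
}

// Navigate `target` to `url` on behalf of `source` under the given policy.
function navigate(policy, source, target, url) {
  if (!policy(source, target)) return false;
  target.origin = new URL(url).origin;
  return true;
}

// Constructed scenario: a trusted site with a content frame, plus an
// unrelated window from another site open at the same time.
function scenario(policy) {
  const bank = new Context("bankTop", "https://bank.example");
  const frame = new Context("content", "https://bank.example", bank);
  const other = new Context("otherTop", "https://attacker.example");
  const crossSite = navigate(policy, other, frame, "https://attacker.example/login");
  const frame2 = new Context("content", "https://bank.example", bank);
  const sameSite = navigate(policy, bank, frame2, "https://bank.example/statement");
  return { crossSite, sameSite, frameOrigin: frame.origin };
}
```

Under the permissive policy the frame inside the trusted window ends up holding the other site's document while the surrounding page still looks trusted, which is why the advisory treats the flaw as a spoofing aid rather than a standalone compromise.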
slrey
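Reply #1
Posted: 2005-06-08 21:42
I don't really care about these vulnerabilities and such; what I'm most looking forward to right now is code optimized for different platforms, to speed up responsiveness.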