Blank Firefox Windows Can Snag Unalert Users

Mere days after a cookie writing manipulation weakness in Firefox was revealed, a researcher reported that an inherent design flaw in the popular browser allows fraudulent Web sites to come off as legit. The bug also allows for bypassing of a fix for an old UI spoofing problem that supposedly had already been addressed.

The Firefox design flaw allows a script to open an "about:blank" URL in a new tab. The new tab opens with a blank address bar and appears grayed out or hidden in a new window.

A malicious script can then interact with the new document as if it were just another page under the original, legitimate domain, including allowing for the injection of custom HTML. Security Watch - - Blank Firefox Windows Can Snag Unalert Users

Linked by shanmuga Wednesday, 21st February 2007 11:58PM