Firefox Flaw Could Let Attackers Change CookiesBy Brian Prince | Posted 02-16-2007
A bug was recently uncovered in Firefox that could allow a malicious Web site to appear authentic.
The bug affects the way Firefox handles writing to the "location.hostname" DOM property, according to a posting by security researcher Michal Zalewski on the security mailing list Full Disclosure. The vulnerability could potentially allow a malicious Web site to manipulate the authentication cookies for a third-party Web site.
By bypassing same-origin policy, attackers can possibly tamper with the way these sites are displayed or how they work. For users, this means the bug could allow for the browser to appear as if the user were connecting to a bank, when in fact the user would instead be receiving data from an attacker.
"This flaw is at the core of phishing attack[s]," said Natalie Lambert, an analyst with Forrester Research. "The ability to mask the real site a user is visiting is how phishing attacks are successful. So, the threat of this vulnerability is large."
This vulnerability was tested using Firefox 2.0.01. Though the bug was listed as resolved, Mozilla security chief Window Snyder said they will be addressing the vulnerability in the next update to Firefox, version 220.127.116.11.
"We have not heard of any reported exploits," he said. "However, we're working to address the issue as quickly as possible to minimize the window of risk. Mozilla takes security vulnerabilities very seriously, and our community of users can be assured that we are working hard to resolve this."
David Frazer, director of technology services at F-Secure, urged users to make sure they have the automatic updates for Firefox set to on.