Humpty Posted February 15, 2007 Share Posted February 15, 2007 There's a new bug reported in the way Firefox handles writes to the 'location.hostname' DOM property. The vulnerability could potentially allow a malicious website to manipulate the authentication cookies for a third-party site. The bug was submitted by Michal Zalewski and was tested with the current version of Firefox. The bug could allow for the browser to appear as if were connecting to a bank, when in fact it would instead be receiving data from a bad guy.A demo of the vulnerability and a suggested work-around can be found here. F-secure article Link to comment Share on other sites More sharing options...
krit86lr Posted February 15, 2007 Share Posted February 15, 2007 Oh, no! I hope it's fixed quickly. Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
Humpty Posted February 15, 2007 Author Share Posted February 15, 2007 When I tested FF the noscript extension stopped the test site. I then allowed the test site and I was supposedly vulnerable so I implemented the "about:config" setting and that seemed to fix it. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted February 16, 2007 Moderators Share Posted February 16, 2007 I then allowed the test site and I was supposedly vulnerable so I implemented the "about:config" setting and that seemed to fix it. Ditto, the fix works for me too in the interim. I wonder though if/when Mozilla fixes it if we'll have to remove the fix. Link to comment Share on other sites More sharing options...
JDPower Posted February 16, 2007 Share Posted February 16, 2007 Ditto, the fix works for me too in the interim. I wonder though if/when Mozilla fixes it if we'll have to remove the fix. With it being a Mozilla suggested fix I wouldn't think so (wouldn't be surprised if the official fix just does the same thing) Link to comment Share on other sites More sharing options...
fireryone Posted February 17, 2007 Share Posted February 17, 2007 There's a new bug reported in the way Firefox... Thanks I've fixed mine fireryone Link to comment Share on other sites More sharing options...
Sputnik Posted February 17, 2007 Share Posted February 17, 2007 Thanks I've fixed mine Dito Ceci n'est pas une signature Link to comment Share on other sites More sharing options...
TeeJay3800 Posted February 20, 2007 Share Posted February 20, 2007 I fixed mine too, but now www.howardforums.com will not load for me. Is this happening to anyone else? Dell Latitude D600 Windows 7 Ultimate 32-bit SP1 Link to comment Share on other sites More sharing options...
Humpty Posted February 20, 2007 Author Share Posted February 20, 2007 Howards Forum is loading OK here. In case the test site for the fix can't be accessed. An interim workaround suggested by Firefox developers is to Open Firefox, go to the Address Bar and type: about:config Then right-click anywhere on the page to add a new string key: capability.policy.default.Location.hostname.set Set its value to noAccess Link to comment Share on other sites More sharing options...
JDPower Posted February 20, 2007 Share Posted February 20, 2007 Howards Forum is loading OK here. Working fine here too. Link to comment Share on other sites More sharing options...
Woody Posted February 20, 2007 Share Posted February 20, 2007 Works here as well. God isn't that site weird? One guy on there has over 7500 posts, all about mobile phones! The words Get and Life spring to mind. It is never difficult to distinguish between a Scotsman with a grievance and a ray of sunshine. P. G. Wodehouse Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now