Browser Security News

Mozilla Corp. will delay the next security update for Firefox so it can test a fix for a flaw that could be used by attackers by skirt security restrictions. The flaw, disclosed Feb. 14 by Polish researcher Michal Zalewski on the Full-Disclosure security mailing list, could let a malicious site manipulate the authentication cookies for other sites’ pages. It is present in the most recent version of the open-source browser, 2.0.0.1.

According to Zalewski, the bug might allow hackers to "tamper with the way these [third-party] sites are displayed or how they work." Mozilla developers jumped on the bug and produced a fix by the next day. However, adding the patch to the Firefox 2.0.0.2 and 1.5.0.10 updates, which are still under development, will require more work. Firefox update postponed by newest bug