Wed, Feb 21 2007 8:00
Firefox update postponed by newest bug
Mozilla Corp. will delay the next security update for Firefox so it
can test a fix for a flaw that could be used by attackers by skirt
The flaw, disclosed Feb. 14 by Polish researcher Michal Zalewski on the Full-Disclosure
security mailing list, could let a malicious site manipulate the
authentication cookies for other sites' pages. It is present in the
most recent version of the open-source browser, 184.108.40.206.
According to Zalewski, the bug might allow hackers to "tamper
with the way these [third-party] sites are displayed or how they work."
Filed under: News