posted on Saturday, July 31, 2004 1:44 PM by demiliani
Security Advisory for Mozilla Browsers
Mozilla (and especially Firefox) are becoming widespread browsers, and the first security alerts are coming out...
Secunia has released a security advisory for a new Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability.
The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files (the Mozilla user interface is built using XUL files). This can be exploited to "hijack" most of the user interface (including toolbars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees.
Solutions to this? For the moment only one... do not follow links from untrusted sites! 