Serious hole in Firefox 2.0.0.1 (and prior)

Hi malware fighters.

A serious flaw in FF 2.0.0.1 (and prior) allows malicious sites to manipulate authentication for third party sites has been found up by Michal Zalewski.
But without javascript installed we are secure. Again one hole the NoScript extension has defended us against. The test can be found here: http://lcamtuf.dione.cc/ffhostname.html

polonus

FF 2.0.0.1 on mac is affected :-[

This really is a non issue if you are using the NoScript extension and only allow script on trusted sites. I assume the NoScript extension works on the mac version of firefox.

thanks for the info.since i use firefox and use the NoScript extension :wink:
have a good one my avast friends ::slight_smile:

There’s also a new hole in IE7.

http://blogs.zdnet.com/security/?p=37&tag=nl.e589