Submission: New Firefox Flaw Enables URL Spoofing (threatpost.com)
Trailrunner7 writes: A prominent security researcher has identified a problem with the way that Mozilla Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in the upcoming version 3.6.4 of Firefox (which is in beta right now), has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers. Security researcher Michal Zalewski discovered the flaw, which abuses Firefox's implementation of the same origin policy.