NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0067 New Mozilla Flaw:

Although Mozilla patched one more FIREFOX bug last week than first reported, the researcher whose work has plagued the open-source browser for weeks has released details about another flaw. He said FIREFOX does not properly handle JavaScript "onUnload" events and can be tricked into taking the user to an unintended destination. This flaw allows an attacker to track your footsteps and either redirect you to the URL you wanted to visit, which wouldn't be noticed at all, or to a similarly named phishing web site when you choose to visit a target of some significance. The bug affects the just-released FIREFOX 2.0.0.2 and 1.5.0.10 updates, as well as Microsoft's Internet Explorer 7. JavaScript can be disabled in the browsers to block such redirects.

(Computerworld 27FEB07)

Last Modified: Sunday, 04-Mar-2007 09:58:05 EST