Cross-site scripting hole in Firefox

A vulnerability in Firefox enables cross-site scripting attacks which allow attackers access to a victim's login credentials on websites such as MySpace. While the problem has been recognised since the beginning of the year among Firefox developers and was even documented in an entry at Bugzilla, no changes have yet been made in Firefox to remedy the situation. But now, security specialist Petko Petkov says he has come across the flaw again and published it in his blog, forcing US-CERT to publish its own security advisory on the matter.

Read the article HERE.