Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe. It"s the second major security lapse for the open-source browser in as many days.
The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn"t be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday"s vulnerability as well.