New versions of the Mozilla Foundation"s browsers have reintroduced a seven-year-old flaw that makes them vulnerable to spoofing attacks, security advisory company Secunia said Monday.
Secunia first publicized the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank"s Web site. The feature was found in IE, Mozilla, Opera, Safari, and Mozilla derivatives such as Konqueror.
Most browser vendors, including Mozilla, agreed and updated their products to remove the feature. But it has been re-introduced in Firefox 1.0.4, Mozilla 1.7.8, and Camino 0.x, according to the firm.
The new vulnerability is a slight variation of the flaw fixed last year, Secunia said.
The Mozilla Project said it is investigating the report, and a moderator of the organisation"s online support site said the flaw had not been exploited.