By Chris Mosby

While Firefox is my Web browser of choice, I still realize that it isn’t 100% secure. Any piece of software that is even remotely popular is going to have hackers going over it trying to find ways to exploit it for their purposes — and that’s led to a Firefox hole you should plug.
Firefox allows sites to piggyback on others
Mozilla Firefox has a flaw in the way that it handles iframes, which are rectangular areas that can appear within Web pages. This vulnerability allows one Web site that you visit to run scripts affecting other sites that you may navigate to.
A hacker could modify the iframe of a site to gain access to sensitive information. This could include passwords or bank-account information that you enter at a different site. Other exploits are also possible with this flaw. For example, a hacker site could run its scripts outside of the security zone you’d set. In other words, an untrusted site could run a script using the profile of a trusted site.
This flaw has been confirmed in all versions of Mozilla Firefox up to 2.0.0.4 (which is currently the latest version) running on multiple operating systems.
What to do: If you’re like me, and Firefox is your browser of choice, I recommend that you install the third-party NoScript add-on to protect yourself from this threat. The NoScript extension allows you to enable scripting on Web sites you trust while blocking scripts on all other sites by default. The latest version also has Cross-Site Scripting (XSS) protection, which directly helps to protect you against this flaw in particular.