Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe. It's the second major security lapse for the open-source browser in as many days.

The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn't be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday's vulnerability as well.

By injecting text string that includes "\x00," normal safeguards can be bypassed, allowing the browser to be fooled about the origin of a domain trying to set or modify a cookie. The sleight of hand makes a victim's browser appear to be talking to trustedbank.com when in fact it is receiving data from evilhackers.com.

The attacker would also be able to change the document.domain accordingly. A demonstration of the vulnerability, which has been tested on version 2.0.0.1, is available here. ®

Related stories

• Firefox lances IE bug (18 July 2007)
• Flaws galore in IE and Firefox (5 June 2007)
• Mozilla seeks security researchers to look at alpha code (10 April 2007)
• Mozilla patches faulty patch (7 March 2007)
• Firefox fix lances memory corruption bug (26 February 2007)
• Broadband routers welcome drive-by hackers (15 February 2007)
• Updated IE and Firefox cough up hard drive contents (13 February 2007)
• Malware: Windows is only part of the problem (10 January 2007)
• Firefox update guards against critical flaws (21 December 2006)
• Attackers end-run around IE security (8 November 2006)
• Old bugs blight shiny new browsers (30 October 2006)
• IE7 spoofing bug pops up (26 October 2006)
• Opera hit by buffer overflow glitch (19 October 2006)
• Mozilla flaws more joke than jeopardy (5 October 2006)
• Update Firefox JavaScript risk downplayed (3 October 2006)