Mozilla Corp. will delay the next security update for Firefox so it
can test a fix for a flaw that could be used by attackers by skirt
security restrictions.

The flaw, disclosed Feb. 14 by Polish researcher Michal Zalewski on the Full-Disclosure
security mailing list, could let a malicious site manipulate the
authentication cookies for other sites’ pages. It is present in the
most recent version of the open-source browser, 2.0.0.1.

According to Zalewski, the bug might allow hackers to “tamper
with the way these [third-party] sites are displayed or how they work.”

Computerworld