Online security company Secunia has said this week that versions of Firefox and Mozilla, as well as the lesser known Camino, are again at risk for a frame injection security flaw which has dogged Mozilla on and off for nearly seven years.

The problem, which plagues Firefox versions 1.x, Mozilla versions 1.7.x, and Camino versions 0.x, stems from the way that the software checks (or rather doesn’t check) content displayed in frames on a Web site. The software should, but does not adequately, check to ensure that the content in each frame comes from the same Web site. Thus someone could inject their own content, from their own Web site, into a frame displayed on a page of a trusted Web site. For example, the login frame displayed on a financial institution’s Web site could actually be hosted on a hacker’s Web site, allowing the hacker to collect usernames and passwords…

[Continue reading Firefox and Mozilla Still at Risk for Spoofing "Frame Injection" Security Flaw]