Though Mozilla fixed one more Firefox creepy-crawly previous week than first reported, the researcher whose work has beleaguered the open-source browser for weeks has come up with the details of an additional vulnerability. As maintained by security researcher Michal Zalewski, Firefox does not rightfully tackle JavaScript “onUnload” events and can with no trouble be trapped into landing the user to an inadvertent destination.
Zalewski further states that the vulnerability enables the hacker to keep track of your behavior and either redirect you to the URL you desired to visit, which could not be noticed in any way, or to a likewise dubbed phishing Web site when you opt to visit a target of a little importance. The creepy-crawly is claimed to have an effect on the recent-launched Firefox 2.0.0.2 and 1.5.0.10 updates, plus Microsoft’s Internet Explorer 7. JavaScript can be put out of action in the browsers to slab such redirects.
