A recently discovered bug in Mozilla Firefox allows forged web sites to appear authentic.

The bug affects writing to the "location.hostname" DOM property. The flaw could allow a malicious web site to forge the authentication cookies exposing sensitive data stored in them. By bypassing the origin policy hackers can modify the way web sites work and are being displayed so an attacker can possibly serve a website to a visitor that make them think they were connecting to a bank. However, in fact there could be a fake website the user is receiving data from.

According to Natalie Lambert, analyst with Forrester Research "This flaw is at the core of phishing attacks,". "The ability to mask the real site a user is visiting is how phishing attacks are successful. So, the threat of this vulnerability is large."

This flaw has been discovered in Firefox 2.0.01 even though the bug has been classified as “resolved” Mozilla plans to address this issue in the next version of its Firefox browser 2.0.02.

All Mozilla Firefox users are advised to make sure they have the automatic updates option turned on in their browsers.