Security firm Secunia writes all Mozilla 1.7.x and Firefox 1.x browsers are vulnerable to a frame injection flaw that was first discovered seven years ago in 1998. The flaw allows malicious users to insert their own content into the view of trusted, legitimate sites:
"The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," wrote a moderator on Mozilla's online forum Monday.
The same vulnerability was discovered almost a year ago in virtually every browser available on the market, but a slight variation of the fixed flaw is still present in Mozilla's browsers. More details at InformationWeek