Mozilla Riddled With Security Holes
That advisory was published on October 18, and dealt with problems that first came to light in September. Last Friday (November 1) BugTraq posted a half dozen updated advisories which spell out the various risks and gives links to proof on concept demonstrations relating to the six.
Firstly, and most seriously, we touch on a well reported weakness in Mozilla which meand that surfers may not get sufficient warning when being redirected from secure sites to other secure sites via non-secure sites. The consequences of this HTTP/HTTPS Redirection Weakness for ecommerce are serious and at very least may give users a false sense of security when browsing the Internet.