Security researcher/hacker Michal Zalewski has released a report on a security vulnerability affecting Firefox 2.0.0.1 and possibly earlier versions. The vulnerability could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. This could be used to perform cross-window and cross-frame attacks, compromising personal information exchanged via Ajax. Zalewski has released a test case that demonstrates the vulnerability.

It has already been filed in Bugzilla for resolution. In the meantime, Zalewski recommends this workaround:

  • Enter about:config in the location bar to access Firefox’s advanced preferences
  • Right click on any preference and select New>String
  • Enter capability.policy.default.Location.hostname.set for the preference name
  • Enter noAccess for the preference value
  • Restart Firefox
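
To apply the same preference without clicking through about:config (for example, across several profiles), it can be written to each profile's user.js file. The script below is an added example, not part of Zalewski's report; the function names and the profile root path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: persist the workaround preference in a profile's user.js.
PREF_NAME='capability.policy.default.Location.hostname.set'
PREF_LINE="user_pref(\"$PREF_NAME\", \"noAccess\");"

# apply_workaround PROFILE_DIR
# Ensures exactly one line for PREF_NAME in PROFILE_DIR/user.js, set to noAccess.
apply_workaround() {
    profile=$1
    [ -d "$profile" ] || { echo "not a directory: $profile" >&2; return 1; }
    userjs="$profile/user.js"
    tmp="$userjs.tmp.$$"
    # Drop any existing line for this pref (whatever its value), keep the rest.
    if [ -f "$userjs" ]; then
        grep -vF "\"$PREF_NAME\"" "$userjs" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s\n' "$PREF_LINE" >> "$tmp"
    mv "$tmp" "$userjs"
}

# apply_to_all ROOT
# Applies the workaround to every profile directory under ROOT and prints
# how many were updated. A directory counts as a profile if it has prefs.js.
apply_to_all() {
    root=$1
    count=0
    for dir in "$root"/*/; do
        [ -f "${dir}prefs.js" ] || continue
        apply_workaround "${dir%/}" && count=$((count + 1))
    done
    echo "$count"
}

# Usage: sh apply.sh ~/.mozilla/firefox   (path is an assumption; varies by OS)
if [ "$#" -gt 0 ]; then
    apply_to_all "$1"
fi
```

Firefox reads user.js at startup, so a restart is still needed afterwards, as in the last step above.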

It’s still unknown whether this will be fixed in the upcoming 2.0.0.2 (due by the end of February), but most likely it won’t.

Original post by E@zyVG
