Mozilla released two new versions of its browser, Firefox 3.6.9 and Firefox 3.5.12, to close 10 critical security vulnerabilities in each and to block clickjacking.
Firefox 3.6 also gets a new general approach to cut down browsing risks: support for X-Frame-Options HTTP response header. Web developers can use it to block browsers from showing their Web sites inside a frame. Putting a genuine website inside a frame on a harmful website is one approach for attacks called clickjacking, in which the malicious website captures keystrokes such as usernames and passwords.
Read more: http://news.cnet.com/8301-30685_3-20015650-264.html
