“[…] it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks.
When navigation occurs due to setting window.location the Referer header is supposed to reflect the address of the content which initiated the script. Instead, the referer was set to the address of the window (or frame) in which the script was running, and this vulnerability arises from that tiny difference. Using a modal alert() dialog Fleischer was able to suspend the attack script so that it did not load the target URI until after the attacker’s initial content had been replaced by the intended referring page. When the Referer is set to the current URI of the script’s window it is no longer the correct one.”
Firefox 2.x users will receive an automated update notification within the next 24 hours, or they can download and install it themselves by selecting ‘Check for Updates’ from the Help menu.
In the mean time, those still browsing with Firefox 1.5 get one more warning in the line of “please upgrade your version immediately”.
Or, maybe you’d like to go for Firefox 3.0 Beta…