As Israeli security researcher Aviv Raff reports he has found couple Firefox 2 vulnerabilities that can leave its users susceptible to an identity theft attack. A bug allows spoofing and enables an attacker to conduct phishing attacks, by tricking the user to believe that the authentication dialog box is from a trusted website. The versions affected include Firefox v2.0.0.11 and prior versions. Mr Raff suggests avoiding sites that require password authentication and give you a dialog that looks like this one:

Mozilla developing team has been informed about this vulnerability and we’re expecting some patches soon.

For next Patch Tuesday, January 8, Microsoft is preparing a relatively light haul of two security bulletins. The first one is rated critical and covers a remote code execution in Windows Vista and Windows XP Service Pack 2 users. For Windows Server 2003, the bulletin is rated as “important”. Second bulletin is related to local elevation of privilege vulnerability and rated as “important” for Windows 2000 Server Service Pack 4, Windows XP and Windows Server 2003 but doesn’t apply to Vista.

Facebook users have been attacked with several Phising attempts via suspicious Wall messages that contains:

“lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn”

URL provided in message is linking to a fake Facebook login page and threat to steal all your data. So, it is advisable to double check the URL of login page and DO NOT enter your Facebook username and password or any other personal information.