They also hijack DNS options, among other shady practices, notes Ormandy.
Comodo has said that the fault was not in the web app but in an add-on.
An attacker could mimic the companys built-in checks and run their own code on a users machine.
The patch would be released in three to four weeks states the blog.
source: www.techworm.net
