Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Secunia: Multiple Browser Injection Vulnerabilities

In personally testing this, ALL 3 BROWSERS FAILED THE TEST (e.g., IE 6 SP1, Mozilla Firefox 1.0, and Opera 7.60 Beta). Hopefully all the vendors are working on this one, as the opportunities for phishing expeditions are certainly possible with this one.

BROWSERS IMPACTED: Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x, Mozilla Firefox 0.x, Mozilla Firefox 1.x

The problem is that a website can inject content into another site's window if the target name of the window is known. For example, a malicious website can exploit this to spoof the content of a pop-up window opened on a trusted website.

Solution: Do not browse untrusted sites while browsing trusted sites.
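
The behaviour described above, as an added example that is not from Secunia or the original post: a simplified JavaScript model of how a browser resolves a window name, first globally (the affected behaviour) and then scoped to the origin that opened the window. The `Browser` class, the origins and the window name are constructed for illustration, and the scoping rule is a simplifying assumption, not any vendor's actual fix.

```javascript
// Simplified model of named-window targeting (constructed; not real browser code).
class Browser {
  constructor(scopeNamesToOpener) {
    // false = names are resolved globally, as in the advisory.
    // true  = assumed hardening: a name only resolves for the origin that opened it.
    this.scoped = scopeNamesToOpener;
    this.windows = []; // every open pop-up: { name, openerOrigin, url }
  }

  // Models window.open(url, name) called by a page served from callerOrigin.
  open(callerOrigin, url, name) {
    const existing = this.windows.find(w =>
      w.name === name && (!this.scoped || w.openerOrigin === callerOrigin));
    if (existing) {
      existing.url = url; // name resolved: the existing window is navigated
      return existing;
    }
    const created = { name, openerOrigin: callerOrigin, url };
    this.windows.push(created);
    return created;
  }
}

// Check a trusted page can reason about: does the pop-up it opened still
// show content from its own origin?
function popupReplaced(popup) {
  return new URL(popup.url).origin !== popup.openerOrigin;
}

// A trusted site opens a pop-up under a fixed name, then a page from a
// different origin calls open() with the same name.
function simulate(scoped) {
  const browser = new Browser(scoped);
  const popup = browser.open(
    "https://bank.example", "https://bank.example/login", "loginWin");
  browser.open(
    "https://other.example", "https://other.example/page", "loginWin");
  return {
    popupUrl: popup.url,
    replaced: popupReplaced(popup),
    windowCount: browser.windows.length,
  };
}

console.log("global names:", simulate(false));
console.log("scoped names:", simulate(true));
```

With global name resolution the trusted site's pop-up ends up showing the other origin's page; with scoping, the second call opens a separate window and the original pop-up is untouched.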


RELATED PRODUCT SITES

Netscape: http://secunia.com/advisories/13402/
Opera: http://secunia.com/advisories/13253/
Mozilla/Firefox: http://secunia.com/advisories/13129/
IE: http://secunia.com/advisories/13251/
Konqueror: http://secunia.com/advisories/13254/
Safari: http://secunia.com/advisories/13252/

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/


Comments

Harry Waldron said:

Great write up Harry!!
# December 8, 2004 3:59 PM
