Secunia: Multiple Browser Injection Vulnerabilities
In personally testing this, ALL 3 BROWSERS FAILED THE TEST (e.g., IE 6 SP1, Mozilla Firefox 1.0, and Opera 7.60 Beta). Hopefully all the vendors are working on this one, as the opportunities for phishing expeditions are certainly possible with this one.
BROWSERS IMPACTED: Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x, Mozilla Firefox 0.x, Mozilla Firefox 1.x
The problem is that a website can inject content into another site's window if the target name of the window is known. A malicious website can exploit this, for example, to spoof the content of a pop-up window opened on a trusted website.
Solution: Do not browse untrusted sites while browsing trusted sites.
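For site operators, the precondition above (a window name that another site can know) can be audited and removed in the site's own pages. The following is an added example, not part of the Secunia advisory or any vendor fix; the function names and sample markup are hypothetical, and it assumes that a pop-up opened under an unpredictable name no longer meets that precondition.

```javascript
// Added example; function names are hypothetical, not from the advisory.
const RESERVED = new Set(["_blank", "_self", "_parent", "_top"]);

// Heuristic audit: list fixed window names in page source, i.e. names that
// another site could learn by reading the same markup.
function findStaticWindowNames(source) {
  const patterns = [
    /\btarget\s*=\s*["']([^"']+)["']/gi,             // <a target="name">
    /window\.open\(\s*[^,)]+,\s*["']([^"']*)["']/g,  // window.open(url, "name")
  ];
  const names = new Set();
  for (const re of patterns) {
    for (const m of source.matchAll(re)) {
      const name = m[1];
      if (name && !RESERVED.has(name.toLowerCase())) names.add(name);
    }
  }
  return [...names];
}

// Build a name with 128 random bits. fillRandom is injectable for testing;
// the default assumes a runtime that provides Web Crypto.
function randomWindowName(fillRandom = (b) => globalThis.crypto.getRandomValues(b)) {
  const bytes = new Uint8Array(16);
  fillRandom(bytes);
  return "w_" + Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Open a pop-up under a fresh name. `win` is the window object, passed in
// so the function can be exercised with a stub.
function openPopup(win, url, features, fillRandom) {
  const name = randomWindowName(fillRandom);
  return { name, handle: win.open(url, name, features) };
}

// Constructed sample markup (not from any real site).
const SAMPLE = `
<a href="/help" target="helpwin">Help</a>
<a href="/news" target="_blank">News</a>
<script>window.open("/login", "loginPopup", "width=300");</script>
<script>openPopup(window, "/login", "width=300");</script>
`;
```

Running `findStaticWindowNames(SAMPLE)` reports the two fixed names, `helpwin` and `loginPopup`; the reserved `_blank` target and the `openPopup` call are not reported.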
Secunia has constructed a test, which can be used to check if your browser is affected by this issue: