You are not registered yet. Please click here to register!
[Alert] Multiple Browsers Window Injection Vulnerability - i4memory.com - different look at memory
Tags Register Blogs FAQ Members List Calendar Mark Forums Read

Notices

Reply
 
Thread Tools
Old 09-12-2004, 11:44 PM   #1
eva2000
Administrator
eva2000's PC Specs
 
Join Date: Jul 22 2004
Location: Brisbane, Australia
Posts: 22,988
twitter.com/i4memorycom Facebook Page livestream.com/i4memorycom
Blog Entries: 42
Exclamation [Alert] Multiple Browsers Window Injection Vulnerability

Read Secunia's report of browser flaw here

Introduction

Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.

What should you do if affected?

Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisories will be updated when the vendors issue patches.

- Internet Explorer http://secunia.com/advisories/13251/
- Mozilla / Firefox http://secunia.com/advisories/13129/
- Opera http://secunia.com/advisories/13253/
- Konqueror http://secunia.com/advisories/13254/
- Safari http://secunia.com/advisories/13252/
- Netscape http://secunia.com/advisories/13402/


A must read for all internet users and forum members!
eva2000 is offline   Reply With Quote
Old 10-12-2004, 12:03 AM   #2
eva2000
Administrator
eva2000's PC Specs
 
Join Date: Jul 22 2004
Location: Brisbane, Australia
Posts: 22,988
twitter.com/i4memorycom Facebook Page livestream.com/i4memorycom
Blog Entries: 42
Work Around:

For Firefox users work arounds as listed at

https://bugzilla.mozilla.org/show_bug.cgi?id=273699

and

http://mozillanews.org/?article_date...12-08+06-48-46

Workarounds

Note that, although the attack site can inject its own content, it cannot change the URL appearing in the Location Bar. Firefox and Mozilla have the ability to deny access to the Location Bar so all pop-up windows always have it. To turn on this feature:

1. Enter about:config in the Location Bar.
2. Enter dom.disable_window_open_feature.location in the filter field.
3. Right-click (Ctrl+click on Mac OS) the preference option and choose Toggle (the value should change to true).
eva2000 is offline   Reply With Quote
Old 10-12-2004, 11:44 PM   #3
fxr91
Senior Member
fxr91's PC Specs
 
Join Date: Jul 24 2004
Location: Brisbane, QLD
Posts: 392
What I love about these things is the "malicious site" detail. I can't, for the life of me, remember the last time I went to a site I could have classed as "malicious". It is like the bank scam emails, you simply have to be silly enough to go there in the first place

I also would have thought the pop-up killer in firefox would have made it invulnerable

Last edited by fxr91; 10-12-2004 at 11:48 PM.
fxr91 is offline   Reply With Quote
Reply

Bookmarks

Tags
alert, browsers, injection, multiple, vulnerability, window


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools



All times are GMT +11. The time now is 11:46 AM.

no new posts