New Vulnerability

Status
Not open for further replies.
O

ovi

The Security Company SECUNIA has discovered vulnerability in many browsers, which can permit the attacker to trick the user and to find out sensitive data from him.
The cause of this problem is the fact that the browser allows the control of the data shown in a window if it knows the name of this. In this way an attacker can prepare a modified web page and convince the user who visits this to open a trusted site in another window, using a link that seems to be ok in a "trap" page. Because it's a site that the attacker knows will be accessed, he knows the name of the window, this mean that the attacker could control the data shown in the open window by the user who thinks that he access the information from the trust site.
Any data inserted in this fake page will be accessed by any attacker, who can access sensitive information. The vulnerability has been confirmed in the following versions of these browsers:
Konqueror 3.2.2.-6. Opera 7.54, Safari 1.2.4, Microsoft Internet Explorer 6.0 (on a Windows XP SP1/SP2 System), mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2.
SECUNIA has put public available a webpage that use the vulnerability to test is the browser you use is vulnerable. The address of the page is:

http://secunia.com/multiple_browsers_window_injection_vulnerability_test

Until the appearance of new versions of these browsers, which will remove this vulnerability, it is recommended not to access sites that don't seems to be trust-worthy while you also access trusted sites.
 
L

L-Man

ovi said:
The vulnerability has been confirmed in the following versions of these browsers:
Konqueror 3.2.2.-6. Opera 7.54, Safari 1.2.4, Microsoft Internet Explorer 6.0 (on a Windows XP SP1/SP2 System), mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2.
Mozilla Firefox 1.0!!!? are they sure I think I need my friend Alex to tell them this is not true
 
O

ovi

:)

Stay cool L-Man, it's true...also FireFox has his vulnerabilities.

Ovi
 
O

ovi

:)

L-Man you can take a look here too:

secunia.com/advisories/12526/

You will find a list of vulnerabilities of Mozilla

Ovi
 

alexandru

Yellow Belt
L-Man said:
Mozilla Firefox 1.0!!!? are they sure I think I need my friend Alex to tell them this is not true
Yup, it's sure, Firefox has vulnerabilities too. But it's still more secure than IE due to the responsiveness to security events:

source: secunia.com
--- copy & paste ---
Microsoft Internet Explorer 6 [..] is currently affected by one or more Secunia advisories rated Highly critical. Currently, 19 out of 75 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Opera 7.x [..] is currently affected by one or more Secunia advisories rated Moderately critical. Currently, 4 out of 34 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Mozilla Firefox 1.x [..] is currently affected by one or more Secunia advisories rated Moderately critical. Currently, 5 out of 6 Secunia advisories, is marked as "Unpatched" in the Secunia database.
--- end of copy & paste ---

Of the three browsers mentioned above, only IE allows itself to stay with "Highly critical" security advisories unpathced...
 
Status
Not open for further replies.
Top