O
ovi
Guest
The Security Company SECUNIA has discovered vulnerability in many browsers, which can permit the attacker to trick the user and to find out sensitive data from him.
The cause of this problem is the fact that the browser allows the control of the data shown in a window if it knows the name of this. In this way an attacker can prepare a modified web page and convince the user who visits this to open a trusted site in another window, using a link that seems to be ok in a "trap" page. Because it's a site that the attacker knows will be accessed, he knows the name of the window, this mean that the attacker could control the data shown in the open window by the user who thinks that he access the information from the trust site.
Any data inserted in this fake page will be accessed by any attacker, who can access sensitive information. The vulnerability has been confirmed in the following versions of these browsers:
Konqueror 3.2.2.-6. Opera 7.54, Safari 1.2.4, Microsoft Internet Explorer 6.0 (on a Windows XP SP1/SP2 System), mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2.
SECUNIA has put public available a webpage that use the vulnerability to test is the browser you use is vulnerable. The address of the page is:
secunia.com/multiple_browsers_window_injection_vulnerability_test
Until the appearance of new versions of these browsers, which will remove this vulnerability, it is recommended not to access sites that don’t seems to be trust-worthy while you also access trusted sites.
The cause of this problem is the fact that the browser allows the control of the data shown in a window if it knows the name of this. In this way an attacker can prepare a modified web page and convince the user who visits this to open a trusted site in another window, using a link that seems to be ok in a "trap" page. Because it's a site that the attacker knows will be accessed, he knows the name of the window, this mean that the attacker could control the data shown in the open window by the user who thinks that he access the information from the trust site.
Any data inserted in this fake page will be accessed by any attacker, who can access sensitive information. The vulnerability has been confirmed in the following versions of these browsers:
Konqueror 3.2.2.-6. Opera 7.54, Safari 1.2.4, Microsoft Internet Explorer 6.0 (on a Windows XP SP1/SP2 System), mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2.
SECUNIA has put public available a webpage that use the vulnerability to test is the browser you use is vulnerable. The address of the page is:
secunia.com/multiple_browsers_window_injection_vulnerability_test
Until the appearance of new versions of these browsers, which will remove this vulnerability, it is recommended not to access sites that don’t seems to be trust-worthy while you also access trusted sites.
