“New vulnerabilities in virtually every non-Internet Explorer browser give hackers a way to hijack confidential data entered into Web sites, a security firm warned late Wednesday,” TechWeb reports.
“The flaws, which affect the Mozilla/Firefox family of browsers, Opera, Apple’s Safari, AOL’s Netscape, and the Linux-based Konqueror, open up a spoofing avenue that attackers can exploit to rip off information, said Secunia in an advisory,’ TechWeb reports. “All these browsers offer tabbed windows, a feature that lets users quickly load multiple pages or Web sites, then flip between them. Unfortunately, the vulnerabilities allow hackers to launch dialog boxes from one tabbed window but make it seem as if it’s actually appearing in another. The other bug allows a site open in one tab to grab information typed into forms on a site open in a second.”
“The hack needs some help from the user, said Secunia. ‘Successful exploitation would normally require that a user is tricked into opening a link from a malicious Web site to a trusted Web site in a new tab,’ the alert read in part,’ TechWeb reports. “Among the affected browsers are Mozilla 1.7.2 and 1.7.3, Firefox 0.10.1, Opera 6.x and Opera 7.x, Safari 1.x, Netscape 7.x, and Konqueror 3.x.”
Full article here.