“New vulnerabilities in virtually every non-Internet Explorer browser give hackers a way to hijack confidential data entered into Web sites, a security firm warned late Wednesday,” TechWeb reports.
“The flaws, which affect the Mozilla/Firefox family of browsers, Opera, Apple’s Safari, AOL’s Netscape, and the Linux-based Konqueror, open up a spoofing avenue that attackers can exploit to rip off information, said Secunia in an advisory,” TechWeb reports. “All these browsers offer tabbed windows, a feature that lets users quickly load multiple pages or Web sites, then flip between them. Unfortunately, the vulnerabilities allow hackers to launch dialog boxes from one tabbed window but make it seem as if it’s actually appearing in another. The other bug allows a site open in one tab to grab information typed into forms on a site open in a second.”
“The hack needs some help from the user, said Secunia. ‘Successful exploitation would normally require that a user is tricked into opening a link from a malicious Web site to a trusted Web site in a new tab,’ the alert read in part,” TechWeb reports. “Among the affected browsers are Mozilla 1.7.2 and 1.7.3, Firefox 0.10.1, Opera 6.x and Opera 7.x, Safari 1.x, Netscape 7.x, and Konqueror 3.x.”
Full article here.
Sounds like the money faucet at MS is running overtime.
Same thing with mouseover hyperlink on IE at work (Windows 2000 Pro..ugh!) but you have to hover over the link for a long time to make it happen, and the proxy servers here are very fast.
Clicking on the link doesn’t make any dialog box come up at all. I just get the site they refer to, on which I did not sign on or enter any info anyway.
The Sky is Falling
I tried Secunia’s test both in tabs and in a new window and nothing happened. Their Results box remained empty.
Essentially it activates a script.
It has nothing to do with tabbed browsing. The original website needs to be kept open for it to work.
Mousing over the link, opening the link in a new window or in a tab activates the script.
Secunia is misleading the public and trying to make IE and MS look good.
thank god for MS’s lack of progress…
Crossing the road is the bigger danger
Life = Uncertainty
This must be a Joke right?
The Secunia test brings me back to THEIR page, not the tabbed CitiBank one for the *exploit* to work.
What exploit is this? It is done all the time on web sites. You click and a panel asks for info. If for that to work on Safari the *cracker* has to have you viewing the malicious web site rather than the legit one it is fishing for idiots which happens all the time. AND, could one explain to me why you would go to your financial institutions THROUGH a link to a casual web page (anyone p0rn?)
“Wow, look at that kamasutra position. OH wait, there is as well a link to my bank under those big boobs. Let’s check the account… CLICK. Ohhh, my bank asks for my password while letting me see the p0rn site as well. They’re so cool.”
Ludicrous.