“Several popular Web browsers contain a vulnerability that could be used by cybercriminals to steal personal data, security company Secunia has warned,” Graeme Wearden reports for CNET News. “The flaw would allow a phishing attack in which a malicious JavaScript pop-up window appeared in front of a trusted Web site, Secunia said in an alert published Tuesday. This could trick a surfer into revealing data such as a password. ‘The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open–for example, a prompt dialog box–which appears to be from a trusted site,’ said Secunia’s advisory.”
Wearden reports, “According to Secunia, the latest versions of Internet Explorer, Internet Explorer for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino are all vulnerable. Opera 7 and 8 are affected, but not 8.01, according to Opera.”
More info in the full article here.
pop-ups SUCK A$$
I would like to have this opportunity to proclaim to the mac community that I am gay. That is all, thank you.
first of all sputnik…if that were really you…oh wait…what was i going to say….
walter…i laughed-i actually laughed when i read that. this wasn’t a fast exhale, a chuckle..no. i laughed. you couldn’t have stated anything more obvious, yet somehow that was funny.
oh i remember now-sputnik, if that were really you, why tell us again. “you” posted previously that you were gay….please dont rub it in.
Secunia also announced a serious flaw in human wetware that leaves people vulnerable to Scientology and Catholicism.
I guess there’s a battle amongst the security companies to see who can mislabel the most end-user stupid human tricks as software vulnerabilities.
I found a new vulnerability at the zoo. Monkeys might crap in their hands and throw it at you.
ohmygawd apple safari effected for this====
don´t believe it! don´t believe it!
there is nothing wrong with anything that apple does,nothing!!!
this is fud. apple can do no wrong.
i know all you others here will chime in and say it is nothing, but if only IE had been listed you would be laughing and saying IE sucks…and that on an apple it really is not as bad in safari than IE…
there is nothing wrong with anything that apple does,nothing!!!
Well, considering there are no latest versions of Internet Explorer for Mac . . . That software has been abandoned for a few years. Sounds like pooey to me.
AND MDN IS THE BIGGEST CULPRIT, accepting all these popup ads.
It’s a phishing scam–someone fooling you–not a virus. There have been plenty of those “vulnerabilities” in Mac browsers. Not as many as MS has, but OS X has flaws and nobody has ever doubted that. That’s why Apple patches them!
Nobody has EVER said Macs are immune from phishing scams.
They are immune (so far) from attacks, however.
Hey Wally, IE didn’t earn the reputation for insecurity over night. IE worked hard to earn it.
After HUNDREDS of IE security holes being found, exploited, and reported on in the wild, IE deserves the reputation it has.
Yeah, it is more surprising to read about this vulnerability for Safari and other mac based browsers. but not because it exists but because it wasn’t previously patched with an Apple security update.
We know Apple’s software has security holes. We also know Apple PROactively corrects them.
“them” is my Magic Word
I don’t get popups at MDN. firefox 1.0.4.
This isn’t as much of a browser vulnerability as it is a user vulnerability.
To prove my point, let’s say a person (Bob) goes to his usual bank, and is greeted outside the door by another guy (Hank) who is wearing a suit and is claiming to be a representative of the bank. Hank explains that in order to serve Bob better as a customer, Hank will write down Bob’s account number, Visa number, etc. on a clipboard, run into the bank to “verify his account information”, which will allow Bob to go directly to the front of the line.
Let’s face it, in this scenario, some people would actually give up their information to a perfect stranger – whether it’s a guy outside the bank, or a popup window in front of a trusted site, some folks are just going to get fleeced because they don’t know any better.
That’s why I think calling this a “browser vulnerability” is a big stretch. Yes, we can (and should) fix the browsers so that popups spawned from untrusted sites can be more obvious, but consumer education is really the key.
This really does sound like another Windows only i.e it’s for Windows IE. No self-respecting Mac user would go into Classic to use Internet Explorer.
Anyone who still uses pre-OS10 now has a damn fine reason to immediately update.
Oh one final point, many of my students (in Australia) are young adults and I keep telling them about phishing and they have no idea about it. Of course they ARE all Windows users.
I feel another M’soft patch coming. I think this one is numbered Service Pack 2/1.000,000,000, ad infinitum.
thank you all for apologizing for apple and saying IE sucks for doing the same thing as safari.
bikersrule “I feel another M’soft patch coming. I think this one is numbered Service Pack 2/1.000,000,000, ad infinitum.”
I feel another Apple OSX Security Update coming, this one is numbered Security Update 2/1.000,000,000, ad infinitum.
Why is it when Apple does it, it is okay? But when M$ does it, it sucks???
I tried it and it worked on Safari. Hope they get this plugged soon. OK for us in the know but lots of people will get suckered by this.
Geezie, Queeezie,
Get over it. It’s just a flippant comment.
re queezy,
Cause when apple does them they actually work.
you dildo
re librium:
so why didn´t they already fix this one?
you douche bag
Geezie, justified,
Get over it. It’s just a flippant comment.
I would like to take this opportunity to announce that I am straight. I’m gay about being straight, by which I mean that I’m happy with being straight. So in that limited sense, I am also gay.
What was the question?
Queezie, “Why is it when Apple does it, it is okay? But when M$ does it, it sucks???”
Because Queezie, Mac users Shit dont stink thats why and because if you use windows, your are considered a complete fool, a loser, and inferior to everything , including a wad of spit on the ground..Because CrApple users are above and beyond anything that you or I or anyone else can EVER comprehend. The are the elite wankers who feel a need to push their platform over on anyone who doesnt follow. They are mostly gay turd tappers who cant tell their butt buddies butthole from a whole in the ground, but they are smart enough to convince you that the sky is white, steve jobs is god, and there is no hell…
Thats why BuBBa…
and thus, this thread has died.