Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

New Vulnerability

Discussion in 'General Discussions and Lounge' started by ovi, Jan 14, 2005.

  1. ovi

    ovi Guest

    The Security Company SECUNIA has discovered vulnerability in many browsers, which can permit the attacker to trick the user and to find out sensitive data from him.
    The cause of this problem is the fact that the browser allows the control of the data shown in a window if it knows the name of this. In this way an attacker can prepare a modified web page and convince the user who visits this to open a trusted site in another window, using a link that seems to be ok in a "trap" page. Because it's a site that the attacker knows will be accessed, he knows the name of the window, this mean that the attacker could control the data shown in the open window by the user who thinks that he access the information from the trust site.
    Any data inserted in this fake page will be accessed by any attacker, who can access sensitive information. The vulnerability has been confirmed in the following versions of these browsers:
    Konqueror 3.2.2.-6. Opera 7.54, Safari 1.2.4, Microsoft Internet Explorer 6.0 (on a Windows XP SP1/SP2 System), mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2.
    SECUNIA has put public available a webpage that use the vulnerability to test is the browser you use is vulnerable. The address of the page is:


    Until the appearance of new versions of these browsers, which will remove this vulnerability, it is recommended not to access sites that don’t seems to be trust-worthy while you also access trusted sites.

Featured Resources (View All)

Share This Page