Netscape Java Tab Spoofing Vulnerability-Mac OSX

Secunia Security Advisories reports this vulnerability today:

SECUNIA ADVISORY ID:
SA12392

VERIFY ADVISORY:
http://secunia.com/advisories/12392/

CRITICAL:
Less critical

IMPACT:
Spoofing

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

SOFTWARE:
Netscape 7.x
http://secunia.com/product/85/

DESCRIPTION:
J. Courcoul has discovered a vulnerability in Netscape, which can be
exploited by malicious people to conduct phishing attacks.

The problem is caused due to errors in the displaying of Java applets
in a window when multiple tabs are used. This can be exploited to
spoof the content of a HTML document from another HTML document being
in a different tab.

The vulnerability has been confirmed in Netscape 7.2 on Mac OS X
10.3.5.

SOLUTION:
Open untrusted sites in separate windows.

PROVIDED AND/OR DISCOVERED BY:
J. Courcoul

 

I tested this vulnerability. I can confirm it exists in Netscape 7.2 (for Mac OS X 10.3.5) and Mozilla 1.7 (for Mac OS X).

The good news is this vulnerability does not exist in Camino 0.8.1 or Safari 1.2.3.

 

Antony,

Thanks very much for the feedback!

Ramona

 

I tested more, and I think it might be useful to list the vulnerable browsers.

Netscape 7.2 for OS X (under both 'Panther' 10.3.5 and 'Jaguar' 10.2.8) exhibits vulnerability.
Mozilla 1.7 for OS X (under both Panther and Jaguar) exhibits vulnerability
Firefox 0.9.3 for OS X (under both Panther and Jaguar) exhibits vulnerability.

Both Macs have latest OS X Security Update and Java update installed.

Safe browsers:
Safari 1.2.3 (Panther), Safari 1.0.3 (Jaguar), Camino 0.8.1