1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Multiple Browsers Frame Injection Vulnerability

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by broni, 2004/07/11.

Thread Status:
Not open for further replies.
  1. 2004/07/11
    broni

    broni Moderator Malware Analyst Thread Starter

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    According to Secunia web site:
    "A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.

    The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

    Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

    Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
    http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

    The vulnerability has been confirmed in the following browsers:
    * Opera 7.51 for Windows
    * Opera 7.50 for Linux
    * Mozilla 1.6 for Windows
    * Mozilla 1.6 for Linux
    * Mozilla Firebird 0.7 for Linux
    * Mozilla Firefox 0.8 for Windows
    * Netscape 7.1 for Windows
    * Internet Explorer for Mac 5.2.3
    * Safari 1.2.2
    * Konqueror 3.1-15redhat

    Other versions may also be affected.

    The vulnerability also affects Internet Explorer "

    I tested my Netscape 7.1 HERE , and surely it failed.
    Do you know about any patch, or workaround for it?
     
    broni,
    #1
  2. 2004/07/11
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Hi broni,

    See this thread: http://www.windowsbbs.com/showthread.php?t=32457

    As you read in the Securia report:

    Solution:
    Do not browse untrusted sites while browsing trusted sites.

    The following browsers are not affected:
    * Mozilla Firefox 0.9 and later
    * Mozilla 1.7
    * Opera 7.52

    Ramona
     
    Ramona,
    #2


  3. to hide this advert.

  4. 2004/07/12
    Antony

    Antony Inactive

    Joined:
    2002/01/01
    Messages:
    405
    Likes Received:
    0
    Antony,
    #3
  5. 2004/07/12
    broni

    broni Moderator Malware Analyst Thread Starter

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Antony
    I apolgize for double posting, but I was just concerned.
     
    broni,
    #4
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...