p2pnet - rss feed: Multi-browser security hole
p2pnet.net News:- “This page could have been a malicious web page, spoofed to look like a genuine Microsoft web page. You could e.g. be asked to install a component, which would compromise your system, or to provide your windows license key or credit card number. This is only limited by the imagination of the attacker (phisher).”
That’s what you’ll see if you’re using a vulnerable:
- Camino 0.x
- Internet Explorer 5.x for Mac
- Konqueror 3.x
- Mozilla 0.x
- Mozilla 1.0
- Mozilla 1.1
- Mozilla 1.2
- Mozilla 1.3
- Mozilla 1.4
- Mozilla 1.5
- Mozilla 1.6
- Mozilla Firefox 0.x
- Netscape 6.x
- Netscape 7.x
- Opera 5.x
- Opera 6.x
- Opera 7.x
- Safari 1.x
And it’s all down to a "moderately critical" seven-year-old security flaw that’s been, “re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites,” says Secunia.
What can you do about it?
Don’t browse “untrusted” web sites while browsing trusted sites, says the company, going on:
“The problem is that the browsers don’t check if a target frame belongs to a website containing a malicious link, which therefore doesn’t prevent one browser window from loading content in a named frame in another window.
“Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.”
Something you think we should know? tips[at]p2pnet.net
See:-
Secunia - Mozilla / Mozilla Firefox Frame Injection Vulnerability, June 6, 2005
