Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTML Frames Considered Harmful

Posted by timothy on from the also-ugly dept.

DLWormwood writes "Secunia has recently issued yet another advisory about web browser vulnerabilities, this time concerning the use of frames in web pages. Originally discovered to be in Internet Explorer, the security experts apparently worked overtime just to make sure the same "flaw" is found in just about every other browser out there. Doesn't this notice simply complain about a specified design feature of frames? (Note their official "advice": "Do not visit or follow links from untrusted websites.")"

5 of 104 comments (clear)

  1. no posts, already slashdotted by danguyf · · Score: 3, Funny

    I clicked "Vulnerabilities" in Secunia's menu frame and now the site won't come up... Which is the greater danger, frames or the slashdot effect?

  2. Fortunately, not every browser... by Anonymous Coward · · Score: 3, Funny

    Those of use using the Contiki web browser as our primary browser are still safe! Phew!

  3. The report by k4_pacific · · Score: 5, Funny

    Type: Spoofing
    Exploit: Local
    Effects: All browsers

    Description:
    A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.

    The problem is that the browsers don't check if a piece of black electrical tape is on the screen covering the address bar, which prevents the user from identifying the source of content in the browser window.

    Successful exploitation allows a malicious website to load arbitrary content with its source masked by the black tape. The user cannot know if this is a trusted site.

    Solution:
    Remove the piece of electrical tape from the screen. Windex may be necessary to clean up afterwards.

    --
    Unknown host pong.
  4. No Kidding! by blunte · · Score: 2, Funny

    Here I am feeling like a loser because I can't make the bug work.

    "Damnit! Even the stupid bugs and exploits don't work on this crappy machine!"

    --
    .sigs are for post^Hers.
  5. I just found another bug existing in all browsers by Stevyn · · Score: 1, Funny

    This affects all browsers I've tried it on. When you click in a "hyperlink" it brings you to a page without asking you specifically if you would like to switch pages. Things to watch out for is the mouse pointer changing to a finger. In fact, if you pointer does change to a finger, you're probably vulnerable. The most shocking aspect is even Lynx is vulnerable to this web bug.