Big Day For Browser Vulnerabilities
An anonymous reader writes "All browsers have been reported vulnerable to different vulnerabilities today. Starting with: Internet Explorer on XP SP1/SP2, which suffers a new system compromise (of course) vulnerability. Continuing with: Opera, Mozilla / Mozilla Firefox / Camino, Safari, Netscape, Konqueror, Avant Browser and Maxthon, which all suffers some new spoofing vulnerabilitities. Demonstrations of the spoofing vulnerabilities are available here and here."
For those who can't be bothered to RTFA, the Mozilla vulnerability is essentially a standard link with an "onMouseOver" bit which runs a little piece of JavaScript.
The JavaScript pauses for a few seconds (while you presumably get distracted by another page) then flashes up a "Please enter some text" dialogue box.
A similar effect could be achieved by calling the JavaScript on pretty much any event; the vulnerability relies on it being unclear which site caused the dialogue box to pop up. I can see how it could be classed a vulnerability, but it's hardly earth shattering.
I would be more in favor of a tab not opening a dialog or firing any other events until it becomes active again. Allowing tabs to gain focus without user intervention has the potential to be annoying as hell. For example, an ad on a page could keep popping that tab to the front for you to see it. Ugh.