Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Vulnerability Affects All Browsers

Posted by samzenpus on from the everything-equal dept.

Jimmy writes "Secunia is reported about a new vulnerability, which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop. Here is a demonstration of the vulnerability"

3 of 945 comments (clear)

  1. Great.... by amemily · · Score: 0, Flamebait

    I'm sure the Moz team will have a fix out soon, but I seriously doubt Microsoft will have one out fast enough for us poor slobs that have networks full of stupid users who use IE (sorry, Moz won't cut it unless you can manage it with Group Policies...)

  2. I call bullshit!! by itwerx · · Score: 1, Flamebait

    And here's why:

    It only works if you open the link from their site. So yeah, if they control the session they can do what they want, OMGWTFBBQ duh!

    Easy test to prove this:
    1 - Open CitiBank with their link and be horrified.
    2 - Now, leaving their windows open, open a new browser window and go to exactly the same URL, and hey presto - it doesn't work!

    So yeah, it's a cute trick, but I wouldn't be wetting my pants over it...

  3. Wow, a brow-ser hi-jack! by phozz+bare · · Score: 0, Flamebait
    The hi-jack seems to work with Fire-fox, wow, what a sur-prise! And we thought Fire-fox was ready for the main-stream, but maybe it's a bit pre-mature. I'm sor-ry, is this off-topic?

    pho-zz