Slashdot Mirror


New Vulnerability Affects All Browsers

Jimmy writes "Secunia is reported about a new vulnerability, which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop. Here is a demonstration of the vulnerability"


  1. All your typos... by Indy Media Watch · · Score: 4, Funny

    Jimmy writes "Secunia is reported about a new vulnerability"

    And in other news, Slashdot is reported all about a new grammatical error in the headlines.

    Reporting anyone?

    --

    Indy Media Watch-Proctologist of the Internet

    1. Re:All your typos... by NMerriam · · Score: 4, Funny

      Grammatical errors on Slashdot? That's unpossible!

      --
      Recursive: Adj. See Recursive.
  2. Demo don't work by bigberk · · Score: 2, Funny

    the demo come up blank. all i see is a window called (Untitled) (and the globe spins then dies)

  3. It's called "Slashdotted" by mark-t · · Score: 2, Funny

    You must be new here.

    1. Re:It's called "Slashdotted" by pugugly · · Score: 2, Funny

      The ultimate anti-phishing scheme - post every new phishing scheme and URL on Slashdot,

      wait for 10,304,345 hits in the next five minutes as people post "x" in vulnerable "!X" is clear . . .

      server goes down

      Profit!

      --
      An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
  4. All browsers?!? by localman · · Score: 4, Funny

    I just don't believe it. Anything -- even an exploit -- working in all browsers would be unprecedented!

  5. jack pot by loid_void · · Score: 4, Funny

    i did it using safari, got citibank, i have no account but was able to transfer $100 million into an offshore account. That was some test

    --
    Anyone seen my jagged little pill?
    1. Re:jack pot by Corbin Dallas · · Score: 2, Funny

      got citibank, i have no account but was able to transfer $100 million into an offshore account.

      Wow, did you get an email from Yassir Arafat's widow too? I'm still waiting for my cash transfer.

      --
      Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
  6. Re:Works for me by Porn Whitelist · · Score: 3, Funny
    Not here - mind you, nothing's happening - it's slashdotted.

    Security through server meltdown?

  7. Re:Sniff, our little browser's all grown up... by kaiser423 · · Score: 4, Funny

    No, it's still impervious, the exploit didn't work on my system. Sorry, OSS still has a 100% perfect, virginal, like freshly-fallen snow track record. /sarcasm No one ever said any of those things, and I doubt that anyone believes them, so get off your high horse.

  8. Re:All browsers?!? by El Cubano · · Score: 5, Funny

    I just don't believe it. Anything -- even an exploit -- working in all browsers would be unprecedented!

    Lynx appears to be unaffected.

  9. Firefox protects IE!? by thecampbeln · · Score: 1, Funny
    Heeheehee, how's this for irony -

    I tried the exploit in Firefox 1.0pr without the exploit working. So I thought I'd try it in IE, so from the Secunia.com page loaded within Firefox "Right Click > Open Link Target in IE" I go and once again, poof... not working. Finally I loaded the Secunia.com page in IE, then clicked the link and only then did the exploit work.

    So there you have it... Firefox seems to protect IE from this exploit, how funny is that!?

    --
    "1984" was meant to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
  10. Secunia Vuln Report. by Anonymous Coward · · Score: 1, Funny

    Did anyone read the report on this? The solution is amusing.

    Solution:
    Do not browse untrusted sites while browsing trusted sites.

  11. Uh, little overkill here guys? by Anonymous Coward · · Score: 1, Funny

    Firefox prevented this site from opening 764 popup windows.

    You know, I think I'd get the idea after the first few hundred popups, Secunia...

    Interestingly, the vulnerability doesn't seem to work if you open the Citibank link in a new tab instead of a new window.

  12. Lynx Totally Unaffected by Slavinski · · Score: 2, Funny


    My lynx browsing is totally unaffected. ;)

  13. Re:I don't get it by holysin · · Score: 2, Funny

    Ahhhhh, so if you follow the instructions perfectly it might work. If you have multiple windows open, it won't work. Does this mean their vulnerability has a vulnerability?

  14. Re:no problem here... by Che Guevarra · · Score: 3, Funny

    Doesn't seem to work on Cyberdog, but the OpenDoc community isn't as large as it used to be, so we're probably safe.

  15. Re:Sniff, our little browser's all grown up... by Anonymous Coward · · Score: 2, Funny

    You obviously typed emerge coolwebsearch at some point.

  16. Practice what I preach? by Joseph_Daniel_Zukige · · Score: 2, Funny

    LOL! I suppose I should change my /. password now, just in case Secunia's proof of concept had a more-than-friendly bit of code in it.

  17. You know you've found a good exploit... by Dipster · · Score: 4, Funny

    when it takes Slashdotters 5 minutes and other people's help to activate it...

  18. Re:All browsers?!? by toomin · · Score: 2, Funny

    Yeah, this is the first thing that came into my mind as I read slashdot in lynx, however, I wasn't able to log in to post. So, the tradeoff is there: being immune to some silly vulnerability, or having a completely functional browser. Take your pick..

  19. Re:All browsers?!? by TheUser0x58 · · Score: 2, Funny

    Mosaic v1.0 users are also reportedly not affected. Nevertheless, experts strongly encourage Mosaic users to upgrade anyways.

    --
    -- listen to interesting music, support independent radio... WPRB
  20. As of right now... by Reteo Varala · · Score: 3, Funny

    "Firefox has prevented this site from opening 1632 pop-up windows. Click here for options..."

    And this is a version of Firefox I installed approximately two weeks ago. ...And now 2000... persistent little bugger...

  21. This sounds scary by einhverfr · · Score: 4, Funny

    All browsers? Can someone tell me how to get this to work on Lynx?

    --

    LedgerSMB: Open source Accounting/ERP
    1. Re:This sounds scary by Curtman · · Score: 4, Funny

      Gentoo here as well. Looks like IE in Wine is vulnerable though. Way to go Wine team, great compatibility. :)

  22. Does anyone else here... by theblacksun · · Score: 2, Funny

    feel sorry for Citibank's webserver?

    --
    Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
  23. Lynx support by nuntius · · Score: 4, Funny

    Rumor has it, patches to support this exploit in Lynx will be available by the end of the week. ;)

  24. Not all browsers affected by ctour · · Score: 2, Funny

    It didn't seem to work under Lynx... I don't really use that browser, but I'm just saying it doesn't affect ALL browsers.

  25. So... by dfj225 · · Score: 2, Funny

    That email I got about having extra security by making sure 1337hax0rz.ru was loaded in a separate window while using my bank's website was a lie? Maybe that is why my bank keeps asking me to give them my information again. How many times can they lose my account number and SSN?

    --
    SIGFAULT
  26. Re:no problem here... by Anonymous Coward · · Score: 2, Funny

    Are you the person at Microsoft who suggested manually typing in the URLs as a work-around for that IE exploit?