Slashdot Mirror


New Vulnerability Affects All Browsers

Jimmy writes "Secunia is reported about a new vulnerability, which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop. Here is a demonstration of the vulnerability"

27 of 945 comments (clear)

  1. All your typos... by Indy+Media+Watch · · Score: 4, Funny

    Jimmy writes "Secunia is reported about a new vulnerability"

    And in other news, Slashdot is reported all about a new grammatical error in the headlines.

    Reporting anyone?

    --

    Indy Media Watch-Proctologist of the Internet

    1. Re:All your typos... by NMerriam · · Score: 4, Funny

      Grammatical errors on Slashdot? That's unpossible!

      --
      Recursive: Adj. See Recursive.
  2. Demo don't work by bigberk · · Score: 2, Funny

    the demo come up blank. all i see is a window called (Untitled) (and the globe spins then dies)

  3. It's called "Slashdotted" by mark-t · · Score: 2, Funny

    You must be new here.

    1. Re:It's called "Slashdotted" by pugugly · · Score: 2, Funny

      The ultimate anti-phishing scheme - post every new phishing scheme and URL on Slashdot,

      wait for 10,304,345 hits in the next five minutes as people post "x" in vulnerable "!X" is clear . . .

      server goes down

      Profit!

      --
      An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
  4. All browsers?!? by localman · · Score: 4, Funny

    I just don't believe it. Anything -- even an exploit -- working in all browsers would be unprecedented!

  5. jack pot by loid_void · · Score: 4, Funny

    i did it using safari, got citibank, i have no account but was able to transfer $100 million into an offshore account. That was some test

    --
    Anyone seen my jagged little pill?
    1. Re:jack pot by Corbin+Dallas · · Score: 2, Funny

      got citibank, i have no account but was able to transfer $100 million into an offshore account.

      Wow, did you get an email from Yassir Arafat's widow too? I'm still waiting for my cash transfer.

      --
      Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
  6. Re:Works for me by Porn+Whitelist · · Score: 3, Funny
    Not here - mind you, nothing's happening - it's slashdotted.

    Security through server meltdown?

  7. Re:Sniff, our little browser's all grown up... by kaiser423 · · Score: 4, Funny

    No, it's still impervious, the exploit didn't work on my system. Sorry, OSS still has a 100% perfect, virignal, like freshly-fallen snow track record. /sarcasm No one ever said any of those things, and I doubt that anyone believes them, so get off your high-horse.

  8. Re:All browsers?!? by El+Cubano · · Score: 5, Funny

    I just don't believe it. Anything -- even an exploit -- working in all browsers would be unprecedented!

    Lynx appears to be unaffected.

  9. Lynx Totally Unaffected by Slavinski · · Score: 2, Funny


    My lynx browsing is totally unaffected. ;)

  10. Re:I don't get it by holysin · · Score: 2, Funny

    Ahhhhh, so if you follow the instructions perfectly it might work. If you have multiple windows open, it won't work. Does this mean their vulnerability has a vulnerability?

  11. Re:no problem here... by Che+Guevarra · · Score: 3, Funny

    Doesn't seem to work on Cyberdog, but the OpenDoc community isn't as large as it used to be, so we're probably safe.

  12. Re:Sniff, our little browser's all grown up... by Anonymous Coward · · Score: 2, Funny

    You obviously typed emerge coolwebsearch at some point.

  13. Practice what I preach? by Joseph_Daniel_Zukige · · Score: 2, Funny

    LOL! I suppose I should change my /. password now, just in case Secunia's proof of concept had a more-than-friendly bit of code in it.

  14. You know you've found a good exploit... by Dipster · · Score: 4, Funny

    when it takes Slashdotters 5 minutes and other people's help to activate it...

  15. Re:All browsers?!? by toomin · · Score: 2, Funny

    Yeah, this is the first thing that came into my mind as I read slashdot in lynx, however, I wasn't able to log in to post. So, the tradeoff is there: being immune to some silly vulenerability, or having a completely functional browser. Take your pick..

  16. Re:All browsers?!? by TheUser0x58 · · Score: 2, Funny

    Mosaic v1.0 users are also reportedly not affected. Nevertheless, experts strongly encourage Mosaic users to upgrade anyways.

    --
    -- listen to interesting music, support independent radio... WPRB
  17. As of right now... by Reteo+Varala · · Score: 3, Funny

    "Firefox has prevented this site from opening 1632 pop-up windows. Click here for options..."

    And this is a version of Firefox I installed approximately two weeks ago. ...And now 2000... persistent little bugger...

  18. This sounds scary by einhverfr · · Score: 4, Funny

    All browsers? Can someone tell me how to get this to work on Lynx?

    --

    LedgerSMB: Open source Accounting/ERP
    1. Re:This sounds scary by Curtman · · Score: 4, Funny

      Gentoo here as well. Looks like IE in Wine is vulnerable though. Way to go Wine team, great compatibility. :)

  19. Does anyone else here... by theblacksun · · Score: 2, Funny

    feel sorry for citybank's webserver?

    --
    Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
  20. Lynx support by nuntius · · Score: 4, Funny

    Rumor has it, patches to support this exploit in Lynx will be available by the end of the week. ;)

  21. Not all browsers affected by ctour · · Score: 2, Funny

    It didn't seem to work under Lynx... I don't really use that browser, but I'm just saying it doesn't affect ALL browsers.

  22. So... by dfj225 · · Score: 2, Funny

    That email I got about having extra security by making sure 1337hax0rz.ru was loaded in a separate window while using my bank's website was a lie? Maybe that is why my bank keeps asking me to give them my information again. How many times can they loose my account number and SSN?

    --
    SIGFAULT
  23. Re:no problem here... by Anonymous Coward · · Score: 2, Funny

    Are you the person at Microsoft who suggested manually typing in the URLs as a work-around for that IE exploit?