Slashdot Mirror


New Vulnerability Affects All Browsers

Jimmy writes "Secunia is reporting a new vulnerability which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. your bank or an online shop. Here is a demonstration of the vulnerability."

4 of 945 comments

  1. Not quite hijacking by fembots · · Score: 3, Interesting

    I opened Secunia, then opened another browser window to Citibank via Ctrl+N and clicked on Citibank's Consumer Alert button; nothing happened.

    But if I used the link from Secunia to access Citibank, the popup is then hijacked.

    So it seems like you need to access (click on a link to) your trusted site via an untrusted site to get hijacked?

  2. Re:no problem here... by Otter · · Score: 3, Interesting

    Same here -- the popup was hijacked in Mozilla 1.6 but my rather ancient Safari 1.0.3 put up the correct Citibank window.

    We haven't heard from any Konqueror users yet (and the modem in my Linux box is broken so I can't check it myself). Is the immunity a khtml thing or was it Apple?

  3. Firefox 1.0 by pugugly · · Score: 3, Interesting

    Just an interesting note - if I left-click on Secunia's test page, and Secunia opens Citibank in a new tab, the exploit works.

    If I middle-click on the test page and *force* Firefox to open the site in a new tab, the exploit fails.

    I don't know enough to know if this is a limitation in the exploit or in how they've written the exploit, but it's odd and interesting.

    --
    An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media

  4. in my opinion there is a simple fix for this by Pr0xY · · Score: 3, Interesting

    I think there is an easy fix for this. Basically the exploit is based on the fact that you can use JavaScript to open a window with the target the same as another window and overwrite the other one's content.

    Well, why not make a new rule in JavaScript that would disallow any JavaScript code from accessing any popups that aren't a direct child of the current instance of the browser?

    Basically what I mean is to have each window in its own namespace and have the child window share said namespace. (I think one would have to not allow grandparents to access it either, though.)

    So basically, if two separate windows open a window with target="name", then two windows are opened, one for each instance, and they have nothing to do with each other.

    proxy
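
A toy model of the name lookup discussed in comment 4, added here as an illustration; it is not code from the thread, from Secunia's demonstration or from any browser. It compares one shared table of window names with the per-opener namespace the comment proposes. The `Browser` class, the policy names, the URLs and the window names are all constructed.

```javascript
// Toy model of named-window lookup; not real browser code.
// Browser, "global"/"scoped", the URLs and window names are constructed.
class Browser {
  constructor(policy) {
    this.policy = policy; // "global" = one name table, "scoped" = per opener
    this.windows = [];
  }

  // A top-level window the user opened directly (no opener, no name).
  openTopLevel(url) {
    return this._create(url, "", null);
  }

  // Models window.open(url, name) called by script running in `caller`.
  open(caller, url, name) {
    const existing = this.windows.find((w) =>
      w.name === name &&
      (this.policy === "global" || w.opener === caller));
    if (existing) {
      existing.url = url; // the window already holding the name is navigated
      return existing;
    }
    return this._create(url, name, caller);
  }

  _create(url, name, opener) {
    const w = { id: this.windows.length, url, name, opener };
    this.windows.push(w);
    return w;
  }
}

// Sequence from the thread: an untrusted page opens the trusted site, the
// trusted site opens a named popup, then the untrusted page targets that name.
function runScenario(policy) {
  const b = new Browser(policy);
  const untrusted = b.openTopLevel("https://untrusted.example/");
  const bank = b.open(untrusted, "https://bank.example/", "bankWin");
  const popup = b.open(bank, "https://bank.example/alert", "alertWin");
  const second = b.open(untrusted, "https://untrusted.example/fake", "alertWin");
  // The bank itself must still be able to reuse its own popup by name.
  const reused = b.open(bank, popup.url, "alertWin") === popup;
  return { popupUrl: popup.url, sameWindow: second === popup,
           bankCanReuse: reused, windowCount: b.windows.length };
}

console.log(runScenario("global"));
console.log(runScenario("scoped"));
```

With the scoped policy the second `open` call creates an unrelated window and the bank's popup keeps its own URL, while the bank can still address its own popup by name.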