Major Browsers Have JS Pop-Up Flaw

An anonymous reader writes "Secunia is warning that several popular browsers contain a vulnerability that could allow a phishing attack. 'The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open -- for example, a prompt dialog box -- which appears to be from a trusted site,' Secunia said. The browsers include the latest versions of IE, IE for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino. Opera 7 and 8 are also affected but not 8.01."

It's not a flaw according to MS...

[bc90021]

...and they're not going to release a patch for it.

And you *know* that if Microsoft says it's not a flaw, well, then, it mustn't be a flaw. ;)

Re:old news

It's not even a bug.

It's advertising and FUD from those Opera guys. They are really getting boring.

- Opera adds a feature that shows the name of the site in the title bar in their last build ;
- Someone at Opera reports it (under a false name) as a security issue affecting every browser BUT Opera ;
- Slashdot runs one more article about the genious of this stupid paid-for, closed source browser.

That's not the first time it happens, nor the last one. /., stop supporting Opera FUD. Thanks.

Re:stop developing with JavaScript

[AKAImBatman]

People should stop developing with JavaScript. It's nothing but trouble.

Poppycock. This is nothing more than a typical knee-jerk reaction to a minor security flaw. Should we all stop using email because phisers can craft ones that look like someone elses?

Lots of sites use JavaScript very effectively. So many in fact, that it's rather difficult to make such a wild statement as "JAvascript is nothing but trouble." Google is a perfect example of a highly useful site with JS. For example, Maps and GMail both rely heavily on JS. In fact, most webmail sites contain JS. And without JS, you couldn't have neat stuff like this. (Login is test, test)