MozzillaZine: Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing AttackThe
An excerpt from an article posted in MozillaZine on 20 October 2004:
Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing Attack
Wednesday October 20th, 2004
Secunia has issued an advisory regarding tabbed browsing spoofing vulnerabilities in the Mozilla series of browsers. One spoof involves persuading the user to open a link to a trusted site in a new tab and then opening a JavaScript input box that appears to come from the trusted site when it actually sends its data back to the trickster. Another flaw again requires the user to open a link to a trusted site in a new tab, though this time the spoofer uses JavaScript to continually move focus back to a form field on the malicious page without causing the active tab to change from the trusted site. This means that a user who tries to enter form data on the trusted page will instead be passing information to the attacker. Slashdot has an article about this latest spoofing flaw, which also covers other browser holes published by Secunia today. According to Secunia's original tabbed browsing vulnerability advisory, the Mozilla Foundation was informed on October 4th, sixteen days ago.
Read more here.
Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing Attack
Wednesday October 20th, 2004
Secunia has issued an advisory regarding tabbed browsing spoofing vulnerabilities in the Mozilla series of browsers. One spoof involves persuading the user to open a link to a trusted site in a new tab and then opening a JavaScript input box that appears to come from the trusted site when it actually sends its data back to the trickster. Another flaw again requires the user to open a link to a trusted site in a new tab, though this time the spoofer uses JavaScript to continually move focus back to a form field on the malicious page without causing the active tab to change from the trusted site. This means that a user who tries to enter form data on the trusted page will instead be passing information to the attacker. Slashdot has an article about this latest spoofing flaw, which also covers other browser holes published by Secunia today. According to Secunia's original tabbed browsing vulnerability advisory, the Mozilla Foundation was informed on October 4th, sixteen days ago.
Read more here.
This entry was posted
on Thursday, October 21, 2004 at 10:45.
There are .
Post a Comment if you have something interesting to say. Read the J Spot for Angelo's writings on tech stuff.
» Post a Comment