
Is Tabbed Browsing Secure??--Tabbed Browsing Flaws Detected!

Discussion in 'BBS Hangout' started by ayears, Oct 21, 2004.

  1. ayears

    ayears Member

    Tabbed Browsing Flaws Detected

    By Ryan Naraine

    Tabbed browsing, one of the more popular features built into alternative Web browsers, contains a security flaw that puts users at risk of spoofing attacks, research firm Secunia warned on Wednesday.

    Secunia released an advisory detailing the flaws, which affect users of Mozilla, Mozilla Firefox, Netscape, Opera, Camino, Konqueror, Avant Browser and Maxthon (MyIE2).

    The flaws target the tabbed browsing feature, which lets surfers view multiple Web sites in a single browser session.

    According to Secunia, the first bug makes it possible for an inactive tab to spawn dialog boxes even if the user is viewing a different Web site in another tab.

    The browsers don't indicate which tab launched the dialog boxes, according to Secunia. This could lead the user into disclosing information to a malicious Web site or to download and run a program, which the user thought came from another trusted Web site, the company warned.

    Mozilla 1.7.3, Mozilla Firefox 0.10.1, Camino 0.8, Opera 7.54, Konqueror 3.2.2-6, Netscape 7.2, Avant Browser 9.02 build 101, Avant Browser 10.0 build 029 and Maxthon (MyIE2) 1.1.039 are the browser versions susceptible to this flaw.

    A demonstration of this vulnerability has been posted online.

    A second vulnerability also makes it possible for an inactive tab to always gain focus on a form field in the inactive tab, even if the user is viewing a different Web site in another tab, Secunia said.

    "This is escalated a bit by the fact that most people do not look at the monitor while typing data into a form field, and therefore might send data to the site in the inactive tab, instead of the intended/viewed tab," the company added.

    A demonstration illustrates how users of the following browsers were at risk: Mozilla 1.7.3, Mozilla Firefox 0.10.1, Netscape 7.2, Avant Browser 9.02 build 101, Avant Browser 10.0 build 029 and Maxthon (MyIE2) 1.1.039.

    Secunia's severity ratings for the flaws vary from "moderately critical" to "less critical" depending on the browser. The company recommends that users avoid visiting trusted Web sites when tabs are open with pages of untrusted sites.

    Alternatively, users are urged to disable JavaScript until vendor fixes are made available.

    Link


    Solution: Disable JavaScript or do not visit untrusted and trusted websites at the same time.

    Multiple Browsers Tabbed Browsing Vulnerabilities (Secunia Research 20/10/2004)

    Test to see if your browser is vulnerable to the "Form Field Focus Vulnerability"
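
Added example (not part of the quoted article or Secunia's advisory): a JavaScript model of the two behaviours the article describes, with one policy a tab manager could apply against them. Dialogs always carry their origin and wait until their tab is active, and keystrokes go only to the active tab. The `TabManager` class, its methods and the `example` origins are hypothetical.

```javascript
// Toy tab manager and scenario, both constructed for illustration (not any browser's code).
class TabManager {
  constructor() {
    this.tabs = new Map(); // tabId -> { origin, focusedField, pendingDialogs }
    this.activeId = null;
  }
  openTab(tabId, origin) {
    this.tabs.set(tabId, { origin, focusedField: null, pendingDialogs: [] });
    if (this.activeId === null) this.activeId = tabId;
  }
  tab(tabId) {
    const t = this.tabs.get(tabId);
    if (!t) throw new Error(`unknown tab: ${tabId}`);
    return t;
  }
  // Every dialog is labelled with its origin; a background tab's dialog is held back.
  requestDialog(tabId, message) {
    const t = this.tab(tabId);
    const dialog = { origin: t.origin, message };
    const shown = tabId === this.activeId;
    if (!shown) t.pendingDialogs.push(dialog);
    return { shown, dialog };
  }
  // focus() is tracked per tab, so a background tab cannot redirect keystrokes.
  requestFocus(tabId, fieldName) {
    this.tab(tabId).focusedField = fieldName;
  }
  // Keystrokes are always routed to the active tab's focused field.
  typeText(text) {
    const t = this.tab(this.activeId);
    return t.focusedField === null ? null : { origin: t.origin, field: t.focusedField, text };
  }
  // Switching tabs releases that tab's held dialogs, still labelled.
  activate(tabId) {
    const held = this.tab(tabId).pendingDialogs.splice(0);
    this.activeId = tabId;
    return held;
  }
}
function scenario() {
  const m = new TabManager();
  m.openTab("t1", "https://bank.example");      // trusted site, active tab
  m.openTab("t2", "https://untrusted.example"); // untrusted site, background tab
  m.requestFocus("t1", "password");
  const dlg = m.requestDialog("t2", "Run this program?");
  m.requestFocus("t2", "q");
  return { dlg, keys: m.typeText("secret"), released: m.activate("t2") };
}
console.log(scenario());
```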
     
