Almost all browsers are vulnerable to the Window Injection Vulnerability. This is what Secunia Research reported recently. They even have a test page to demonstrate the vulnerability. Here's what they're saying:

Secunia Research has reported a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Upon testing my Firefox 1.0, I found that indeed, Firefox is vulnerable as mentioned. The pop-up window was spoofed if I were to launch the link directly in the same browser tab. However, if the link was launched into a new tab, the spoof did not happen. What does this mean? Will I be safer if I were to launch all links into new tabs then? I dunno. Is there a patch for this yet? As of this writing, I haven't seen any announcement of a patch out yet for this. Thus, be extra careful y'all...
