Pop-up vulnerability found in major browsers

1

Pop-up vulnerability found in major browsers

offline
  • Pridružio: 20 Feb 2005
  • Poruke: 4505
  • Gde živiš: planeta Zemlja

Several popular Web browsers contain a vulnerability that could be used by cybercriminals to steal personal data, security company Secunia has warned.

The flaw would allow a phishing attack in which a malicious JavaScript pop-up window appeared in front of a trusted Web site, Secunia said in an alert published Tuesday. This could trick a surfer into revealing data such as a password.

"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open--for example, a prompt dialog box--which appears to be from a trusted site," said Secunia's advisory.

According to Secunia, the latest versions of Internet Explorer, Internet Explorer for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino are all vulnerable. Opera 7 and 8 are affected, but not 8.01, according to Opera.

To take advantage of the flaw, a cybercriminal would have to direct a Web user from a malicious site to a genuine, trusted site such as an online bank, in a new browser window. The malicious site would then open a JavaScript dialog box in front of the trusted Web site, and a user might then be fooled into sending personal information back to the malicious site.

Microsoft has said it is investigating Secunia's claims. It encouraged surfers not to trust pop-up windows that don't include an address bar or a lock icon that verifies that it came from a certified source.

Mozilla Firefox developers have already been making moves to combat this kind of phishing attack. Back in April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites. Mozilla wasn't immediately available to comment on Secunia's claims.

Opera confirmed Wednesday that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.

"Once these things are discovered, there's a rush as everyone tries to fix the problem," Christen Krogh, Opera's vice president of engineering, told ZDNet UK.

Krogh also pointed out that Secunia had rated the vulnerability as "less critical."

"This could fool some users into giving out some data to a site that wouldn't otherwise be able to get that information. But it doesn't seem like the most important issue," Krogh said.
=============================================
uzeto sa sajta: http://news.zdnet.com/2100-1009_22-5757372.html



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • RIA  Male
  • Prijatelj foruma
  • Pridružio: 20 Feb 2005
  • Poruke: 2841
  • Gde živiš: Around Belgrade

ja sa pop upovima nemam problema od kada koristim mozillu a u FW podesim koji sajtovi su dozvoljeni za pop-up.I mozilla i na tim sajtovima blokira ono sto je nepotrebno.



offline
  • oblak  Male
  • Legendarni građanin
  • Glavni moderator foruma Mobilni telefoni
  • LEBE KISELI
  • Pridružio: 14 Feb 2005
  • Poruke: 6355

ja sa pop up -om nemam problema , kad razmislim nikada nisam ni imao...

offline
  • Pridružio: 06 Jun 2005
  • Poruke: 66

Ne sećam se kad sam video popup od kad koristim mozilu.

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 5001
  • Gde živiš: Beograd

Vi niste videli da je i mozilla ranjiva?

offline
  • RIA  Male
  • Prijatelj foruma
  • Pridružio: 20 Feb 2005
  • Poruke: 2841
  • Gde živiš: Around Belgrade

kako mislis ranjiva ? koristim Outpost...

offline
  • ZoNi  Male
  • Free Your Mind!
  • Pridružio: 26 Feb 2005
  • Poruke: 5757
  • Gde živiš: Singidunum

nisam 100% siguran (jer me i ne zanima mnogo), ali mislim da ni Maxthon ne podleze ovakvim stvarima...

offline
  • oblak  Male
  • Legendarni građanin
  • Glavni moderator foruma Mobilni telefoni
  • LEBE KISELI
  • Pridružio: 14 Feb 2005
  • Poruke: 6355

@bone

u pravu si secam se da mi je na jednom hm... sajtu blokirala poup ali su zato prosla druga dva sa istog site-a !

offline
  • Pridružio: 20 Feb 2005
  • Poruke: 4505
  • Gde živiš: planeta Zemlja

meni kod Opere (nije bas najnovija verzija ali ajde) prolaze prozori... Kod Maxtona ne... Kod FF-a prolaze ali ne katastrofalo kao i kod NETSCAPE-a

offline
  • Pridružio: 12 Jul 2004
  • Poruke: 37
  • Gde živiš: Arilje

Tek ce da bude ranjiva Smile Niko se oko ostalih browsera pre nije zabavljo.... Eto na firefoxu vec ima prilicno otkrivenih propusta Smile

Ko je trenutno na forumu
 

Ukupno su 838 korisnika na forumu :: 19 registrovanih, 2 sakrivenih i 817 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bane san, brundo65, cikadeda, darkojbn, draganl, dule10savic, Ibar, Kriglord, kunktator, kybonacci, mercedesamg, Miki01, mkukoleca, Nemanja.M, Nikolaa11, pein, Sićko, SR-3m, styg