Re: Firefox & IE subject to phishing trick

From: Trent© (trentsauder_at_hotmail.com)
Date: 12/11/04 

Date: Fri, 10 Dec 2004 20:23:23 -0500

On Fri, 10 Dec 2004 11:16:16 -0800, "CZ" <CZ@no99spam.com> wrote:

>>From
>http://www.theregister.co.uk/2004/12/09/secunia_browser_exploit_warning/
>"Many popular browsers are affected by a vulnerability that makes it easy to
>spoof the content of websites, security firm Secunia warns.
>Features built into browsers makes it possible for malicious websites to
>change the content of pop-up windows created by trusted websites such as
>online banks. Users would have no inkling that potentially hostile content
>has been injected into a pop-up window. Exploits rely on misusing browser
>functionality rather than taking advantage of a software bug. Thomas
>Kristensen, Secunia's chief technology officer, described the problem as
>"perhaps the simplest phishing trick yet."
> Secunia has confirmed the vulnerability on fully patched versions of
>Internet Explorer 6.0 and Windows XP SP1 and SP2 (advisory here), Mozilla
>1.7.3, Mozilla Firefox 1.0, Netscape 7.2, Apple's Safari 1.2.4, Opera 7.54,
>and KDE's Konqueror 3.2.2-6. Other versions of these browsers might also be
>affected. Secunia has issued five advisories (summary here) and an on-line
>test.
>Secunia describes the vulnerabilities as "moderately critical". It advises
>users not to browse untrusted sites while browsing trusted sites."
>
>Here is the URL for the online test:
>http://secunia.com/multiple_browsers_window_injection_vulnerability_test
>
>My test results:
>Firefox v1.0 is vulnerable to the above spoofing.
>IE with PopUpCop is not vulnerable.
>

Any windows didn't open up for me...good, I guess.

But, then again, I had java scripting turned off...which is the way I
always surf the Net.

Not the best solution...granted. But works for me.

Thanks for the heads-up.

Have a nice one...

Trent

Budweiser: Helping ugly people have sex since 1876!

Relevant Pages