Jump to content
xisto Community
jedipi

Vulnerability Was Found In All Major Browsers Spoofing Flaw affect IE, Firefox, Safari

Recommended Posts

According eWeek.com, a new vulnerability was found in all the major Web browsers ( IE, Firefox, Safari).
This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing confidential information.

"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open a prompt dialog box, which appears to be from a trusted site,"

Here is the place for you to test your broswer whether vulnerable or not.
http://secunia.com/multiple_browsers_dialoerability_test/

source:
http://www.eweek.com/c/a/Mobile-and-Wireless/HP-TouchPad-Needs-68-Weeks-for-Additional-Shipments-142584

Share this post


Link to post
Share on other sites

Hmmn... I'm wondering, if these security flaws were not made public, would potential hackers have found out about and sicovered the flaw? Do they go about engineering and looking at the source code to disocver new flaws?

Share this post


Link to post
Share on other sites

I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?To be honest, I doubt scammers will be adopting this method quite soon :lol:

Share this post


Link to post
Share on other sites

Hmm, I don't know, for me the very fact that they can open a unnamed javascript window on top of a verified site is still rather disturbing. Yes, even a new computer user would notice the new window opening, but it's not the noticing the new window, it's more of if the hacker decides to exploit the vulnerability, makes his pop-up dialog box really authentic-looking, and thus gets information from not-so-experienced computer users, and then use that information. I mean, I think people like my dad or my brother, though they are not total-computer-idiots, might fall for a dialog box that seems to come from Google.com or Amazon.com asking for passwords or stuff like that.

Share this post


Link to post
Share on other sites

I just saw this new in C|Net News.com.
[quota]
Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.
[/quota]

Is it just because thuse they don't deem them a high risk??
Do you believe this article??
I am quite surprise, microsoft won't issue an update for IE.

it makes IE is the worst browser right now.

source:
http://news.a.com.com/

Share this post


Link to post
Share on other sites

As more such problems are discovered, programmers will learn to be more and more security savvy. Open source has the best chances though. The people who are open source tend to care about security, and having their programs work. So, it will probably get fixed in FF in the not too distant future. IE may have to wait till version 7, whenever the hell that comes out.

Share this post


Link to post
Share on other sites

Oof. Thanks for the example you provided. Now I know what it looks like. Good thing banks don't use JS prompts, or hackers could steal credit card information. Hope Microsoft fixes it soon :lol: (maybe 2006 when IE7 and Longhorn comes out)

Share this post


Link to post
Share on other sites

Well, I don't see this as some big matter, even though it shows from where it is, the javascript prompt window, still a lot won't see it and won't even look into it, but it might trick an unexperienced user, but I never seen a website which would want to login though a prompt, so I doubt that a lot of people would fall for such a trick, but if someone would, when good, because I heard/read that a lot of whom replies and gives their bank numbers to spam emails about millions of dollars in Africa banks ;DAnd someone in this thread said that he is safe that he has javascript turned off, safe, but most of the sites doesn't work, to browse without javascript in my opinion these days is stupid! Of course, if you surf the web and normal pages.. :)

Share this post


Link to post
Share on other sites

It says that Mozilla Firefox 1.0.5 fixed this vulnerability but apparently Firefox 2 still showed the prompt.Opera is less vulnerable because it shows where the box came from.Still, I think that the audience of misled users by this box is quite low because of the nature of the situation.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.