Vulnerability Was Found In All Major Browsers Spoofing Flaw affect IE, Firefox, Safari

[jedipi 0]

According eWeek.com, a new vulnerability was found in all the major Web browsers ( IE, Firefox, Safari).
This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing confidential information.

"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open a prompt dialog box, which appears to be from a trusted site,"

Here is the place for you to test your broswer whether vulnerable or not.
http://secunia.com/multiple_browsers_dialoerability_test/

source:
http://www.eweek.com/c/a/Mobile-and-Wireless/HP-TouchPad-Needs-68-Weeks-for-Additional-Shipments-142584

[chiiyo 0]

Oh dear, this sounds pretty serious. All my browsers are vulnerable... O-o. Wonder whether there'd be any patch soon?

[jcguy 0]

Hmmn... I'm wondering, if these security flaws were not made public, would potential hackers have found out about and sicovered the flaw? Do they go about engineering and looking at the source code to disocver new flaws?

[saxsux 0]

I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?To be honest, I doubt scammers will be adopting this method quite soon

[chiiyo 0]

Hmm, I don't know, for me the very fact that they can open a unnamed javascript window on top of a verified site is still rather disturbing. Yes, even a new computer user would notice the new window opening, but it's not the noticing the new window, it's more of if the hacker decides to exploit the vulnerability, makes his pop-up dialog box really authentic-looking, and thus gets information from not-so-experienced computer users, and then use that information. I mean, I think people like my dad or my brother, though they are not total-computer-idiots, might fall for a dialog box that seems to come from Google.com or Amazon.com asking for passwords or stuff like that.

[jedipi 0]

I just saw this new in C|Net News.com.
[quota]
Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.
[/quota]

Is it just because thuse they don't deem them a high risk??
Do you believe this article??
I am quite surprise, microsoft won't issue an update for IE.

it makes IE is the worst browser right now.

source:
http://news.a.com.com/

[HanginNerd 0]

Firefox's Javascrips Is Kinda Messed Upp Dont Ya Think ???? XX

[geancanach 0]

and this is just one more reason why i have javascript disables in all my browsers. i didnt get the prompt so i assume i dont have that particul insecurity to worry about

[MajesticTreeFrog 0]

As more such problems are discovered, programmers will learn to be more and more security savvy. Open source has the best chances though. The people who are open source tend to care about security, and having their programs work. So, it will probably get fixed in FF in the not too distant future. IE may have to wait till version 7, whenever the hell that comes out.

[runefantasy 0]

Oof. Thanks for the example you provided. Now I know what it looks like. Good thing banks don't use JS prompts, or hackers could steal credit card information. Hope Microsoft fixes it soon (maybe 2006 when IE7 and Longhorn comes out)

[toby 0]

Big bump.. but Opera says where it's from.

[niran 0]

oooohh This is some serious matter :-S

[xboxrulz1405241485 0]

Firefox told me that the box came from Secunia even though the box came up.

 

 

xboxrulz

[Quatrux 4]

Well, I don't see this as some big matter, even though it shows from where it is, the javascript prompt window, still a lot won't see it and won't even look into it, but it might trick an unexperienced user, but I never seen a website which would want to login though a prompt, so I doubt that a lot of people would fall for such a trick, but if someone would, when good, because I heard/read that a lot of whom replies and gives their bank numbers to spam emails about millions of dollars in Africa banks ;DAnd someone in this thread said that he is safe that he has javascript turned off, safe, but most of the sites doesn't work, to browse without javascript in my opinion these days is stupid! Of course, if you surf the web and normal pages..

[FirefoxRocks 0]

It says that Mozilla Firefox 1.0.5 fixed this vulnerability but apparently Firefox 2 still showed the prompt.Opera is less vulnerable because it shows where the box came from.Still, I think that the audience of misled users by this box is quite low because of the nature of the situation.