Vulnerability Was Found In All Major Browsers Spoofing Flaw affect IE, Firefox, Safari

[seec77 0]

Oh come on! I mean, why doesn't some security "advisor" just post a security "threat" about telnet, because users can use it to log in to malicious website and hand-craft a request that sends out their grandmother's phone number to the whole world!

 

This is really stupid. Has anyone even read the ECMAScript specification to see if maybe it requires prompts to show a certain generic title? And besides, what do you want browsers to do? Make the title of prompt dialogs the same as their parent web site? Will it then be that hard for evil hackers to modify a TITLE tag to something that looks like a bank page? Come on! There's no solution for this.

 

This is purely FUD.

[Chesso 0]

You would have to be pretty newby to fall for that.Unless you some how co-incidentally visit sites often that do that, or your just clueless all together lol.

[issdiscovery04 0]

Well users of Firefox 2.0.0.1 are pretty safe from this flaw. On the other hand, internet explorer users are in for a long haul. M$ is not known for releasing frequent updates or updates that work.

[saneax 0]

There is a much serious security flaw in the browsers, related to Adobe Plugin..

Critical vulnerability reported in Adobe Reader

[vhortex 1]

And someone in this thread said that he is safe that he has javascript turned off, safe, but most of the sites doesn't work, to browse without javascript in my opinion these days is stupid! Of course, if you surf the web and normal pages..

i agree with you with this mate.
Specially now that most websites have ajaxed themselves up.

just last december, i have stumbled on 17 websites of good quality with a ajaxed floating window for login.

***********

between normal pages and ajaxed ones.. i will go with the ajaxed ones.. it saves time and bandwitdh on some slow connections, that it if you are viewing some sort of heavy graphics site.

***********
i was dragged here thinking this tackle about this certain pesisting bug that i have read.

[jimmy89 0]

I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?
To be honest, I doubt scammers will be adopting this method quite soon smile.gif

i have to agree! there is going to be only a handful of users that are going to do this, so really is not much of a problem. that said, whenever someone hears security flaw theres always something to be said - and a microsoft patch to go with it!