|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Mozilla, Opera and Netscape Security Model Violation
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Jun 13 2003 - 07:41:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Mozilla, Opera and Netscape Security Model Violation
READ ONLINE:
http://www.secunia.com/advisories/9017/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Opera 6.x
Netscape 6.x
Netscape 7.x
Mozilla 1.0
Mozilla 1.1
Opera 7.x
Mozilla 1.3
Mozilla 1.4
DESCRIPTION:
An older vulnerability has apparently resurfaced in Mozilla, Opera
and Netscape, which allows malicious websites to execute arbitrary
JavaScript and possibly Java in the context of other sites.
The problem is that it is possible to create a JavaScript function,
which will open a different website and execute code in this site's
security context.
SOLUTION:
Disable JavaScript and Java for all sites (except trusted sites).
REPORTED BY / CREDITS:
meme-boi
OTHER REFERENCES:
Test page:
http://meme-boi.netfirms.com/werd.html
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]