NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vulndiscuss> 2004-q4

Re: [VulnDiscuss] Antw: [VulnWatch] Secunia Research: Multiple Browsers TabbedBrowsing Vulnerabilities

From: Adam Jacob Muller (adamgotlinux.us)
Date: Thu Oct 21 2004 - 15:30:01 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I tried it on IE,
It flashed back to the secunia window before it opened the JS prompt,
thus eliminating the problem of people thinking the query coming from
the "trusted" site.

Adam Jacob Muller

Civil disobedience is not our problem. Our problem is civil obedience.
Our problem is that numbers of people all over the world have obeyed
the dictates of the leaders of their government and have gone to war,
and millions have been killed because of this obedience. . . Our
problem is that people are obedient all over the world in the face of
poverty and starvation and stupidity, and war, and cruelty. Our problem
is that people are obedient while the jails are full of petty thieves,
and all the while the grand thieves are running the country. That's our
problem.
-Howard Zinn
On Oct 21, 2004, at 1:20 AM, Sven Jensen wrote:

> Hi!
>
> But this is not onyl true fot tabbed browsers!
>
> I just checked this with none-tabbed IE and it work there too.
> If you are opening the other site in one other Windows and are
> continuing browsing in tho old window, you still
> are hitting this vulnerability.
>
> So this is a general Problem of opening multiple Sites on one System!
>
> Sven Jensen
>
>
>>>> Jakob Balle <jbsecunia.com> 10/20 3:02 pm >>>
> ======================================================================
>
> Secunia Research 20/10/2004
>
> - Multiple Browsers Tabbed Browsing Vulnerabilities -
>
> ======================================================================
> Table of Contents
>
> Affected Software....................................................1
> Severity.............................................................2
> Description of Vulnerabilities.......................................3
> Solution.............................................................4
> Time Table...........................................................5
> Credits..............................................................6
> References...........................................................7
> About Secunia........................................................8
> Verification.........................................................9
>
> ======================================================================
> 1) Affected Software
>
> Mozilla 1.7.3
> Mozilla Firefox 0.10.1
> Camino 0.8
> Opera 7.54
> Konqueror 3.2.2-6
> Netscape 7.2
> Avant Browser 9.02 build 101
> Avant Browser 10.0 build 029
> Maxthon (MyIE2) 1.1.039
>
> Prior versions of all above software may also be vulnerable.
>
> ======================================================================
> 2) Severity
>
> Rating: Less/Moderately critical
> Impact: Spoofing
> Where: From remote
>
> ======================================================================
> 3) Description of Vulnerabilities
>
>
> Vulnerability "A":
> It is possible for a inactive tab to spawn dialog boxes e.g. the
> JavaScript "Prompt" box or the "Download dialog" box, even if the user
> is browsing/viewing a completely different web site in another tab.
>
> The problem is that the browsers does not indicate, which tab launched
> the dialog boxes, which therefore could lead the user into disclosing
> information to a malicious web site or to download and run a program,
> which the user thought came from another trusted web site e.g. their
> bank.
>
> Demonstration:
> http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
>
> Vulnerability "A" Affects:
> Mozilla 1.7.3
> Mozilla Firefox 0.10.1
> Camino 0.8
> Opera 7.54
> Konqueror 3.2.2-6
> Netscape 7.2
> Avant Browser 9.02 build 101
> Avant Browser 10.0 build 029
> Maxthon (MyIE2) 1.1.039
>
>
> Vulnerability "B":
> It is possible for a inactive tab to always gain focus on a form
> field in the inactive tab, even if the user is browsing/viewing a
> completely different web site in another tab.
>
> This is escalated a bit by the fact that most people do not look at
> the monitor while typing data into a form field, and therefore might
> send data to the site in the inactive tab, instead of the
> intended/viewed tab.
>
> Demonstration:
> http://secunia.com/multiple_browsers_form_field_focus_test/
>
> Vulnerability "B" Affects:
> Mozilla 1.7.3
> Mozilla Firefox 0.10.1
> Netscape 7.2
> Avant Browser 9.02 build 101
> Avant Browser 10.0 build 029
> Maxthon (MyIE2) 1.1.039
>
> ======================================================================
> 4) Solution
>
> Mozilla:
> Vulnerability "A":
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
>
> Mozilla Firefox:
> Vulnerability "A":
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
>
> Camino:
> Vulnerability "A":
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Not affected by this vulnerability.
>
>
> Opera:
> Vulnerability "A":
> Will be fixed in Opera 7.60.
>
> Until Opera 7.60 becomes available, Opera Software will release an
> advisory on this issue, which will be available on the Opera
> website.
>
> Vulnerability "B":
> Not affected by this vulnerability.
>
>
> Avant Browser:
> Vulnerability "A":
> Vulnerable. However, vendor never responded to inquiries.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Vulnerable. However, vendor never responded to inquiries.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
>
> Konqueror:
> Vulnerability "A":
> The Vendor reports that KDE version 3.3.1 fixes this
> vulnerability.
>
> Vulnerability "B":
> Not affected by this vulnerability.
>
>
> Netscape:
> Vulnerability "A":
> Vulnerable. However, vendor never responded to inquiries.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Vulnerable. However, vendor never responded to inquiries.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
>
> Maxthon:
> Vulnerability "A":
> Will be fixed in an upcoming version.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
> Vulnerability "B":
> Will be fixed in next version.
>
> Disable JavaScript or do not visit untrusted and trusted websites
> at the same time.
>
>
> ======================================================================
> 5) Time Table
>
> 04/10/2004 - Vulnerabilities reported to Netscape, Mozilla, Opera and
> Avant Browser.
> 05/10/2004 - Vulnerabilities reported to KDE (Konqueror) and Maxthon.
> 08/10/2004 - Netscape and Avant contacted again as they have not
> responded.
> 20/10/2004 - Public disclosure.
>
> ======================================================================
> 6) Credits
>
> Discovered by Jakob Balle, Secunia Research.
>
> ======================================================================
> 7) References
>
> Secunia Advisories:
> http://secunia.com/SA12706
> http://secunia.com/SA12712
> http://secunia.com/SA12713
> http://secunia.com/SA12714
> http://secunia.com/SA12717
> http://secunia.com/SA12731
>
> ======================================================================
> 8) About Secunia
>
> Secunia collects, validates, assesses, and writes advisories regarding
> all the latest software vulnerabilities disclosed to the public. These
> advisories are gathered in a publicly available database at the
> Secunia web site:
>
> http://secunia.com/
>
> Secunia offers services to our customers enabling them to receive all
> relevant vulnerability information to their specific system
> configuration.
>
> Secunia offers a FREE mailing list called Secunia Security Advisories:
>
> http://secunia.com/secunia_security_advisories/
>
> ======================================================================
> 9) Verification
>
> Please verify this advisory by visiting the Secunia web site:
> http://secunia.com/secunia_research/2004-10/
>
> ======================================================================
>
>
> !DSPAM:41780c98150105562252487!
>

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]