Browsers hit by dialog box spoofing security flaw
By Simon Aughton
Posted on 22 Oct 2004 at 12:26
Several Web browsers are afflicted with a dialog box security vulnerability which can be exploited by malicious web sites to spoof dialog boxes.
Firefox, Internet Explorer, Mozilla, Netscape and Opera are affected by the flaw, where inactive windows can launch dialog boxes so they appear to be displayed by a website in another window or tab. This can be exploited by a malicious site to show a dialog box, which seems to originate from a trusted site.
Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new window.
A safe demonstration of the problem can be seen in secunia.com's multiple browsers dialog box spoofing test.
Further information about the vulnerability is available as follows: Firefox and Mozilla; Internet Explorer; Netscape; Opera.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
