|
 |
|
 |
| Sunday, September 05, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
1 |
 |
Members:
0 |
 |
Total:
1 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 10/20/2004 5:47 PM |
|
| What it is
With new features, come new vulnerabilities. Many of the popular alternate browsers such as Mozilla, Firefox, Camino, Opera, Conqueror, Netscape, Avant, and Maxthon have a new feature called "Tabbed Browsing". With Tabbed browsing, you may have multiple sites that you're browsing under different tabs on the same window. This is a nice and convenient feature (And one missing from Internet Explorer). Unfortunately however there are some vulnerabilities introduced with this new browsing method. One vulnerability is that a browsed window can pop up a dialog box - even if it's NOT the primary browsed window. So a malicious website could pop up a request to "re-enter" your password, while some other site is in the foreground. If you do so, you could reveal privileged info to the background website unintentionally.
Another vulnerability is introduced in that, using Javascript, a malicious website can grab the focus for a data-entry field from a foreground window to a background window, without necessarily changing the window. Thus someone doing heads-down data entry into the foreground form might inadvertently submit information to the background form.
What you should do
Since these vulnerabilities have been revealed but not yet patched or repaired. Not every vulnerability affects every product mentioned above. Detailed information can be gotten from secunia: www.secunia.com at the below reference link for exactly what is affected. To avoid these problems you have a couple of choices:
1) Disable javascript in the browser. Although this will work, it may also disable valuable capabilities.
2) Browse only one window at a time, and be particularly aware of pop-up windows and/or forms that you're filling out to ensure that you are entering data appropriately. If a pop-up appears be sure it is for the currently browsed tab, by closing other tabs.
You can of course also use a non-tabbed browser. These vulnerabilities are NOT operating system dependent and affect any version of the particular browsers as listed below.
Further references
Secunia advisories (by Product):
http://secunia.com/SA12706
http://secunia.com/SA12712
http://secunia.com/SA12713
http://secunia.com/SA12714
http://secunia.com/SA12717
http://secunia.com/SA12731
This concludes this viruswarning notice.
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St. Ste B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net Office Phone: 585-242-2060
Fax number: 585-242-9441
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|