| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Aug 2004 11:28:06 -0400 From: Rishi Khan <rishi@...l.edu> To: john.courcoul@....com Cc: bugtraq@...urityfocus.com, Andy Cuff <lists@...uritywizardry.com> Subject: Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) This is a known issue with Apples Java plugin ... not netscape or mozilla. See: http://bugzilla.mozilla.org/show_bug.cgi?id=162134 It has to due with the plugin ignoring clipRect and NPWindow On Aug 26, 2004, at 10:51 AM, john.courcoul@....com wrote: > Didn't think I'd ever get the chance to report some form of > vulnerability, but I did. Minor, granted, but a bug nonetheless. > > Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set > up for tabbed browsing, on a MacOS X 10.3.5 platform with all the > latest patches. Open Andy Cuff's "radar" page in the first tab: it > sets up two scrolling displays (Security News and Vulnerabilities) on > the left side of the window and a date ticker in the middle, under > "Operational Picture". Open a new tab, which should be completely > independent and allow you to browse another site without interference. > Not a chance: the scrolling displays and the date ticker promptly > highjack the new pane and display their info on it, on top of any page > you should happen to load there. And the scrollers are "live" in > whatever tab they have highjacked: click on any of the items they are > displaying, and the corresponding page gets loaded on the highjacked > tab, NOT on the original "radar" tab. Only until you close the "radar" > tab do the scrollers and ticker go away in all other tabs. > > Works the other way around too: create a bunch of tabs and load all > sorts of different sites on them. On the very last tab, open Andy's > page. It promptly takes over all tabs and splashes the scrollers and > ticker all over the place. > > In this case, just a nuisance, but might conceivably be misused. Since > this information is placed on top of the highjacked tabs, and will > cause a new page to load on that tab, a carefully crafted scroller or > ticker could misdirect a user trying to do banking on a tab to be > redirected to a hostile server elsewhere (i.e., carefully place the > scroller on top of the "submit" button, tell the user that the > operation failed and get them to retype their private info.) > > Could this be classified as "phishing" ? > > J. Courcoul > > Andy Cuff wrote: > >> Hi All, >> As a great believer in being able to track emerging vulnerabilities >> with >> minimal effort, I have created another "Alert State" image. >> http://securitywizardry.com/radar.htm However, I have tried to make >> it a >> lot more granular dividing the image up into OS and Applications and >> reducing the alert states to just 3. At present I'm tracking the >> vulnerabilities myself, though I'm hoping some kind hearted >> vulnerability >> alert service such as one of these >> http://securitywizardry.com/alert.htm >> will offer to notify me when significant vulnerabilities occur that >> may >> warrant a change in an enterprises CND posture. I hope you find it of >> use, >> enjoy! >> >> Advice, criticism, bitchin' etc welcomed as always >> >> -andy cuff >> Talisker's Computer Security Portal >> Computer Network Defence Ltd >> http://www.securitywizardry.com >> >
Powered by blists - more mailing lists