OSVDB ID: 10983

Title: Multiple Browser Cross Tab Dialog Box Spoofing

Dates

Disclosure: Oct 20, 2004
Discovery: Unknown
Exploit: Oct 20, 2004
Solution: Unknown

Description

Multiple web browsers contain a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker creates a specially crafted web page that causes an inactive tab or window to launch a dialog box that appears to come from a trusted source. A user who enters data into that dialog box could disclose sensitive information, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Hijacking, Information Disclosure
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrades are currently available from these vendors to remediate this vulnerability:

  • KDE: Upgrade to version 3.3.1

A workaround is available for: Mozilla FireFox, Netscape, Opera, Avant Browser, Safari, Maxthon, Internet Explorer for Mac.

It is possible to correct the flaw by implementing the following workaround(s):

1. Disable JavaScript
2. Do not visit untrusted and trusted websites at the same time.

Products

Apple Computer, Inc.
  • Safari: 1.2.3

Avant Force
  • Avant Browser: 10.0 build 029, 9.02 build 101

KDE Project
  • KDE: 3.0.5
  • Konqueror: 3.2.2-6

Mozilla Organization
  • Firefox: 0.10.1
  • Mozilla: 1.7.3
  • Camino: 0.8

Mysoft Technology
  • Maxthon: 1.1.039

Netscape Communications Corporation
  • Netscape: 7.2

Opera Software
  • Opera: 7.54

Microsoft Corporation
  • Internet Explorer for Mac: 5.2

Stilesoft Inc.
  • NetCaptor: 7.5.2

iCab
  • iCab: 2.9.8

FlashPeak
  • Slim Browser: 4.01.003

The Omni Group
  • OmniWeb: 5.0.1

Epiphany
  • Epiphany: 1.4.4

Galeon
  • Galeon: 1.3.18

References

Credit

  • Jakob Balle - jb@secunia.com - Secunia Research


Direct URL: http://osvdb.org/36218