Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Compute

from [john . courcoul] Network Security [Permanent Link]
Subject: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)
Date: Thu, 26 Aug 2004 09:51:17 -0500 
Didn't think I'd ever get the chance to report some form of vulnerability,  but 
I did. Minor, granted, but a bug nonetheless.

Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set up for 
tabbed browsing, on a MacOS X 10.3.5 platform with all the latest patches. Open 
Andy Cuff's "radar" page in the first tab: it sets up two scrolling displays 
(Security News and Vulnerabilities) on the left side of the window and a date 
ticker in the middle, under  "Operational Picture". Open a new tab, which 
should be completely independent and allow you to browse another site without 
interference. Not a chance: the scrolling displays and the date ticker promptly 
highjack the new pane and display their info on it, on top of any page you 
should happen to load there. And the scrollers are "live" in whatever tab they 
have highjacked: click on any of the items they are displaying, and the 
corresponding page gets loaded on the highjacked tab, NOT on the original 
"radar" tab. Only until you close the "radar" tab do the scrollers and ticker 
go away in all other tabs.

Works the other way around too: create a bunch of tabs and load all sorts of 
different sites on them. On the very last tab, open Andy's page. It promptly 
takes over all tabs and splashes the scrollers and ticker all over the place.

In this case, just a nuisance, but might conceivably be misused. Since this 
information is placed on top of the highjacked tabs,  and will cause a new page 
to load on that tab, a carefully crafted scroller or ticker could misdirect a 
user trying to do banking on a tab to be redirected to a hostile server 
elsewhere (i.e., carefully place the scroller on top of the "submit" button, 
tell the user that the operation failed and get them to retype their private 
info.)

Could this be classified as "phishing" ?

J. Courcoul

Andy Cuff wrote:


Hi All,
As a great believer in being able to track emerging vulnerabilities with
minimal effort, I have created another "Alert State" image.
http://securitywizardry.com/radar.htm  However, I have tried to make it a
lot more granular dividing the image up into OS and Applications and
reducing the alert states to just 3. At present I'm tracking the
vulnerabilities myself, though I'm hoping some kind hearted vulnerability
alert service such as one of these http://securitywizardry.com/alert.htm
will offer to notify me when significant vulnerabilities occur that may
warrant a change in an enterprises CND posture. I hope you find it of use,
enjoy!

Advice, criticism, bitchin' etc welcomed as always

-andy cuff
Talisker's Computer Security Portal
Computer Network Defence Ltd
http://www.securitywizardry.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Unsecure file permission of ZoneAlarm pro., Bipin Gautam
Next by Date:  [security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow, Boren, Rich (SSRT)
Previous by Thread:  [Full-Disclosure] SGI ProPack 3: Kernel Update #3 - Security and other fixes, SGI Security Coordinator
Next by Thread:  Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), Rishi Khan
Indexes:  [Date] [Thread] [Top] [All Lists]