Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Secunia Research: Multiple Browsers Tabbed Browsing Vulnerab

from [Jakob Balle] Network Security [Permanent Link]
Subject: [VulnWatch] Secunia Research: Multiple Browsers Tabbed Browsing Vulnerabilities
Date: Wed, 20 Oct 2004 15:02:01 +0200 
====================================================================== 

                     Secunia Research 20/10/2004

        - Multiple Browsers Tabbed Browsing Vulnerabilities -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

Mozilla 1.7.3
Mozilla Firefox 0.10.1
Camino 0.8
Opera 7.54
Konqueror 3.2.2-6
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039

Prior versions of all above software may also be vulnerable.

====================================================================== 
2) Severity 

Rating: Less/Moderately critical 
Impact: Spoofing
Where:  From remote

====================================================================== 
3) Description of Vulnerabilities 


Vulnerability "A":
It is possible for a inactive tab to spawn dialog boxes e.g. the
JavaScript "Prompt" box or the "Download dialog" box, even if the user
is browsing/viewing a completely different web site in another tab.

The problem is that the browsers does not indicate, which tab launched
the dialog boxes, which therefore could lead the user into disclosing
information to a malicious web site or to download and run a program,
which the user thought came from another trusted web site e.g. their
bank.

Demonstration:
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Vulnerability "A" Affects:
Mozilla 1.7.3
Mozilla Firefox 0.10.1
Camino 0.8
Opera 7.54
Konqueror 3.2.2-6
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039


Vulnerability "B":
It is possible for a inactive tab to always gain focus on a form
field in the inactive tab, even if the user is browsing/viewing a
completely different web site in another tab.

This is escalated a bit by the fact that most people do not look at
the monitor while typing data into a form field, and therefore might
send data to the site in the inactive tab, instead of the
intended/viewed tab.

Demonstration:
http://secunia.com/multiple_browsers_form_field_focus_test/

Vulnerability "B" Affects:
Mozilla 1.7.3
Mozilla Firefox 0.10.1
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039

======================================================================
4) Solution

Mozilla:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.
   
  Vulnerability "B":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Mozilla Firefox:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.
   
  Vulnerability "B":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Camino:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.
   
  Vulnerability "B":
    Not affected by this vulnerability.


Opera:
  Vulnerability "A":
    Will be fixed in Opera 7.60.

    Until Opera 7.60 becomes available, Opera Software will release an
    advisory on this issue, which will be available on the Opera
    website.
   
  Vulnerability "B":
    Not affected by this vulnerability.


Avant Browser:
  Vulnerability "A":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Konqueror:
  Vulnerability "A":
    The Vendor reports that KDE version 3.3.1 fixes this
    vulnerability.
   
  Vulnerability "B":
    Not affected by this vulnerability.


Netscape:
  Vulnerability "A":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Maxthon:
  Vulnerability "A":
    Will be fixed in an upcoming version.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.
   
  Vulnerability "B":
    Will be fixed in next version.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


======================================================================
5) Time Table 

04/10/2004 - Vulnerabilities reported to Netscape, Mozilla, Opera and
             Avant Browser.
05/10/2004 - Vulnerabilities reported to KDE (Konqueror) and Maxthon.
08/10/2004 - Netscape and Avant contacted again as they have not
             responded.
20/10/2004 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Jakob Balle, Secunia Research.

====================================================================== 
7) References

Secunia Advisories:
http://secunia.com/SA12706
http://secunia.com/SA12712
http://secunia.com/SA12713
http://secunia.com/SA12714
http://secunia.com/SA12717
http://secunia.com/SA12731

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia web site: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia web site: 
http://secunia.com/secunia_research/2004-10/

======================================================================
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] Secunia Research: Multiple Browsers Tabbed Browsing Vulnerabilities, Jakob Balle <=
Previous by Date:  [Full-Disclosure] Major Client Crash in 3D FTP, Bakchodiya
Next by Date:  [VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows, R00tCr4ck
Previous by Thread:  [Full-Disclosure] Major Client Crash in 3D FTP, Bakchodiya
Next by Thread:  [VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows, R00tCr4ck
Indexes:  [Date] [Thread] [Top] [All Lists]