.
This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.
Sunday July 04, 2004 A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.
The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.
Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.
The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat
Other versions may also be affected.
Solution:
Do not browse untrusted sites while browsing trusted sites.
The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
You can find a testcase in secunia.com.
Mozilla comes safer than IE now.
Posted by robin on July 06, 2004 at 12:16 AM PDT #
Posted by Ginn on July 06, 2004 at 08:21 AM PDT #