Introduction
Secunia Research has discovered a vulnerability in various browsers, which can be exploited by malicious web sites to spoof dialog boxes.
The problem is that JavaScript dialog boxes do not display or include their origin. This allows a new window to open, for example, a prompt dialog box that appears to come from a trusted site.
Please use the test below to see an example of how this vulnerability can be exploited and to determine whether or not your browser is vulnerable.

Test Case / Demonstration
This demonstration will open the Google.com web site. After a while, a JavaScript dialog will be displayed in front of the Google.com web site.
Start the test:
Test Now - Left Click On This Link
Result
You are vulnerable if a JavaScript dialog box appears in front of the Google.com web site without displaying information about its origin.
You are not vulnerable if you do not experience the above behaviour.
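
The missing origin information described above can be modelled in a few lines. This is an added example, not code from Secunia or from any browser vendor: it contrasts a caption that carries no origin with one derived from the document whose script requested the dialog. The function names, caption wording and example.* URLs are assumptions constructed for illustration.

```javascript
// Added illustration: how a dialog caption can be bound to the origin of
// the document that requested the dialog. All names here are hypothetical.

// Caption with no origin, as in the behaviour this page describes:
// every requester produces the same text, so the user cannot tell them apart.
function genericCaption() {
  return "JavaScript dialog";
}

// Caption built from the requester's parsed origin (scheme, host, port).
// The raw URL string is never shown, so userinfo tricks such as
// "https://trusted.example@other.example/" cannot put a trusted name first.
function originCaption(requesterUrl) {
  let url;
  try {
    url = new URL(requesterUrl);
  } catch (e) {
    return "An unidentified page says:";
  }
  // Opaque origins (about:, data:, javascript:) serialize as "null";
  // never present them as if they belonged to a named site.
  if (url.origin === "null") {
    return "An unidentified page says:";
  }
  return "The page at " + url.origin + " says:";
}

// Constructed scenario: a window showing a trusted site is in front while a
// script from a different document requests a prompt dialog.
function compareCaptions(frontWindowUrl, requesterUrl) {
  return {
    frontWindow: new URL(frontWindowUrl).origin,
    withoutOrigin: genericCaption(),
    withOrigin: originCaption(requesterUrl),
  };
}

console.log(compareCaptions("https://trusted.example/",
                            "https://opener.example/start.html"));
```

With the origin in the caption, the user sees that the dialog belongs to a different site than the one displayed behind it.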

What should you do?
Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisories will be updated when the vendors issue patches.
View the Secunia advisory regarding your browser:
- Internet Explorer for Mac
- Internet Explorer
- Opera
- Safari
- iCab
- Mozilla / Firefox / Camino
This illustration may be used freely in news articles and web sites as long as Secunia.com is referenced as the source and the illustration links back to this page.

Staying Informed
In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using.
Secunia offers a free weekly newsletter, which covers the latest threats from vulnerabilities.