Multiple Browsers Window Injection Vulnerability Test

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Multiple Browsers Window Injection Vulnerability Test

Introduction Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window. Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable. Test Case / Demonstration This demonstration will open the USA Today web site in a new window. On the USA Today web site, you have to click a link labelled "Day in Pictures", which is located in the menu on the left side of the USA Today web site. Start the test: Click the first link if you have a pop-up blocker enabled, or the second link if you do not have a pop-up blocker enabled. With Pop-up Blocker: Test Now - With Pop-up Blocker - Left Click On This Link Without Pop-up Blocker: Test Now - Without Pop-up Blocker - Left Click On This Link Please note: * If you are running Internet Explorer 7 and are experiencing problems getting the test to work successfully, then please click this link and try again. * If you wish to run the test multiple times, then please refresh this page before each test. Result You are vulnerable, if a pop-up window opened and showed information from Secunia and not from USA Today. What should you do? Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisories will be updated when the vendors issue patches. View the Secunia advisory regarding your browser: - Internet Explorer 7 - Internet Explorer - Mozilla / Firefox / Camino - Opera - Konqueror - Safari - Netscape - iCab - OmniWeb - Internet Explorer for Mac This illustration may be used freely in news articles and web sites as long as Secunia.com is referenced as the source and the illustration links back to this page. Be alerted when a patch is released Companies have the option of requesting a Secunia account for immediate notification when a patch is released by Microsoft. Request Secunia Account Staying Informed In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using. Secunia offers a free weekly newsletter, which covers the latest threats from vulnerabilities. To sign-up for the Secunia Weekly Summary, please enter your email address in the field below and submit the form: Email Address:

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Mozilla Firefox Multiple Vulnerabilities

2.	PCRE pcre_compile.c Buffer Overflow Vulnerability

3.	VLC Media Player WAV Processing Integer Overflow

4.	Opera for Windows Unspecified Code Execution

5.	GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability

6.	Mozilla Thunderbird Multiple Vulnerabilities

7.	Novell eDirectory ds.dlm Module Buffer Overflow

8.	UnixWare ReliantHA Privilege Escalation Vulnerabilities

9.	Fedora update for glib2

10.	AOL Radio AOLMediaPlaybac kControl.exe Buffer Overflow Vulnerability