Introduction
Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.
Test Case / Demonstration
This demonstration will open the USA Today web site in a new window. On the USA Today web site, you have to click a link labelled "Day in Pictures", which is located in the menu on the left side of the USA Today web site.
Start the test: Click the first link if you have a pop-up blocker enabled, or the second link if you do not have a pop-up blocker enabled.
With Pop-up Blocker:
Test Now - With Pop-up Blocker - Left Click On This Link
Without Pop-up Blocker:
Test Now - Without Pop-up Blocker - Left Click On This Link
Please note:
* If you are running Internet Explorer 7 and are experiencing problems getting the test to work successfully, then please click this link and try again.
* If you wish to run the test multiple times, then please refresh this page before each test.
Result
You are vulnerable, if a pop-up window opened and showed information from Secunia and not from USA Today.
What should you do?
Be alerted when a patch is released
Companies have the option of requesting a Secunia account for immediate notification when a patch is released by Microsoft.
Request Secunia Account
Staying Informed
In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using.
Secunia offers a free weekly newsletter, which covers the latest threats from vulnerabilities.
To sign-up for the Secunia Weekly Summary, please enter your email address in the field below and submit the form:
|
