Multiple Browsers Tabbed Browsing Vulnerabilities - Secunia Research

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Secunia Research: Multiple Browsers Tabbed Browsing Vulnerabilities

====================================================================== Secunia Research 20/10/2004 - Multiple Browsers Tabbed Browsing Vulnerabilities - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerabilities.......................................3 Solution.............................................................4 Time Table...........................................................5 Credits..............................................................6 References...........................................................7 About Secunia........................................................8 Verification.........................................................9 ====================================================================== 1) Affected Software Mozilla 1.7.3 Mozilla Firefox 0.10.1 Camino 0.8 Opera 7.54 Konqueror 3.2.2-6 Netscape 7.2 Avant Browser 9.02 build 101 Avant Browser 10.0 build 029 Maxthon (MyIE2) 1.1.039 Prior versions of all above software may also be vulnerable. ====================================================================== 2) Severity Rating: Less/Moderately critical Impact: Spoofing Where: From remote ====================================================================== 3) Description of Vulnerabilities Vulnerability "A": It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript "Prompt" box or the "Download dialog" box, even if the user is browsing/viewing a completely different web site in another tab. The problem is that the browsers does not indicate, which tab launched the dialog boxes, which therefore could lead the user into disclosing information to a malicious web site or to download and run a program, which the user thought came from another trusted web site e.g. their bank. Demonstration: http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ Vulnerability "A" Affects: Mozilla 1.7.3 Mozilla Firefox 0.10.1 Camino 0.8 Opera 7.54 Konqueror 3.2.2-6 Netscape 7.2 Avant Browser 9.02 build 101 Avant Browser 10.0 build 029 Maxthon (MyIE2) 1.1.039 Vulnerability "B": It is possible for a inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab. This is escalated a bit by the fact that most people do not look at the monitor while typing data into a form field, and therefore might send data to the site in the inactive tab, instead of the intended/viewed tab. Demonstration: http://secunia.com/multiple_browsers_form_field_focus_test/ Vulnerability "B" Affects: Mozilla 1.7.3 Mozilla Firefox 0.10.1 Netscape 7.2 Avant Browser 9.02 build 101 Avant Browser 10.0 build 029 Maxthon (MyIE2) 1.1.039 ====================================================================== 4) Solution Mozilla: Vulnerability "A": Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Disable JavaScript or do not visit untrusted and trusted websites at the same time. Mozilla Firefox: Vulnerability "A": Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Disable JavaScript or do not visit untrusted and trusted websites at the same time. Camino: Vulnerability "A": Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Not affected by this vulnerability. Opera: Vulnerability "A": Will be fixed in Opera 7.60. Until Opera 7.60 becomes available, Opera Software will release an advisory on this issue, which will be available on the Opera website. Vulnerability "B": Not affected by this vulnerability. Avant Browser: Vulnerability "A": Vulnerable. However, vendor never responded to inquiries. Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Vulnerable. However, vendor never responded to inquiries. Disable JavaScript or do not visit untrusted and trusted websites at the same time. Konqueror: Vulnerability "A": The Vendor reports that KDE version 3.3.1 fixes this vulnerability. Vulnerability "B": Not affected by this vulnerability. Netscape: Vulnerability "A": Vulnerable. However, vendor never responded to inquiries. Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Vulnerable. However, vendor never responded to inquiries. Disable JavaScript or do not visit untrusted and trusted websites at the same time. Maxthon: Vulnerability "A": Will be fixed in an upcoming version. Disable JavaScript or do not visit untrusted and trusted websites at the same time. Vulnerability "B": Will be fixed in next version. Disable JavaScript or do not visit untrusted and trusted websites at the same time. ====================================================================== 5) Time Table 04/10/2004 - Vulnerabilities reported to Netscape, Mozilla, Opera and Avant Browser. 05/10/2004 - Vulnerabilities reported to KDE (Konqueror) and Maxthon. 08/10/2004 - Netscape and Avant contacted again as they have not responded. 20/10/2004 - Public disclosure. ====================================================================== 6) Credits Discovered by Jakob Balle, Secunia Research. ====================================================================== 7) References Secunia Advisories: http://secunia.com/SA12706 http://secunia.com/SA12712 http://secunia.com/SA12713 http://secunia.com/SA12714 http://secunia.com/SA12717 http://secunia.com/SA12731 ====================================================================== 8) About Secunia Secunia collects, validates, assesses, and writes advisories regarding all the latest software vulnerabilities disclosed to the public. These advisories are gathered in a publicly available database at the Secunia web site: http://secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their specific system configuration. Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/secunia_security_advisories/ ====================================================================== 9) Verification Please verify this advisory by visiting the Secunia web site: http://secunia.com/secunia_research/2004-10/ ======================================================================

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Drupal Session Fixation Vulnerability

3.	Linux Kernel LDT Buffer Size Handling Vulnerability

4.	Debian update for clamav

5.	Red Hat update for kernel

6.	dnsmasq Denial of Service and DNS Cache Poisoning

7.	Red Hat update for thunderbird

8.	YouTube Blog Multiple Vulnerabilities

9.	Apple Safari Cross-Domain Cookie Injection Vulnerability

10.	Ubuntu update for php