Posted 08 December 2004 - 01:54 PM
Posted 08 December 2004 - 08:21 PM
Edited by jgweed, 09 December 2004 - 11:11 AM.
Posted 08 December 2004 - 10:17 PM
A function built into all major browsers could be co-opted by attackers to fool Web site visitors into surrendering sensitive information, a security firm warned on Wednesday.
The issue, which security firm Secunia labeled a flaw, could allow a malicious Web site to refer visitors to a legitimate site--such as a bank's Web site--and then control the content displayed in a pop-up window. The issue affects Microsoft's Internet Explorer, the Mozilla Foundation's Mozilla and Firefox browsers, Opera's browser, the open-source Konqueror browser and Apple Computer's Safari, the firm stated in advisories on its site.
"No browsers warn or check if the other site is allowed to change the content of the pop-up window," Thomas Kristensen, chief technology officer for Secunia, said in an e-mail to CNET News.com. "If the pop-up window is opened because the users clicked on a specific functionality, the user has no reason to suspect that the content in the window has been changed by a malicious site."
The company has created a demonstration that takes advantage of the flaw on its Web site. The example sends a user to Citibank's Web site, where clicking on the image opens a pop-up window that is controlled by Secunia's program.
Microsoft said that the attack uses a legitimate feature of browsers to fool users.
Edited by KoanYorel, 08 December 2004 - 10:19 PM.