Firefox/Mozilla users proceed with caution

  • Thread starter: Fuzzy Logic
Fuzzy said:
Bug found...don't surf untrusted sites until this is fixed:

http://secunia.com/advisories/15601/

Note the following:

"The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat

Other versions may also be affected.

*The vulnerability also affects Internet Explorer*:
SA11966

Solution:
Do not browse untrusted sites while browsing trusted sites.

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
* Opera 7.52
* Netscape 7.2
* Camino 0.8 (build 2004062308)

KDE has issued patches for Konqueror."
 
John Corliss said:
Note the following:

"The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat

Other versions may also be affected.

*The vulnerability also affects Internet Explorer*:
SA11966

Solution:
Do not browse untrusted sites while browsing trusted sites.

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
* Opera 7.52
* Netscape 7.2
* Camino 0.8 (build 2004062308)

KDE has issued patches for Konqueror."

I have Mozilla 1.7.7 and Firefox 1.0.4, both fail the test.???
 
gonzo said:
I have Mozilla 1.7.7 and Firefox 1.0.4, both fail the test.???

Not according to the above:
__________________________________
The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
__________________________________

I intend to keep using Mozilla to surf and I'm still using 1.7.5.
 
Other versions may also be affected.

*The vulnerability also affects Internet Explorer*:
SA11966

SA11966 is from a year ago and has had a solution for about as long.

Firefox/Mozilla have apparently reintroduced this bug recently and thus the
repost of the vulnerability.

Please read the link provided above. Here is an excerpt:

The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8.
Other versions may also be affected.
 
The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8.
Other versions may also be affected.

The bug only works if you:

1. Have Javascript enabled, and:

2. Open new windows when clicking on links rather than use tabbed browsing.

Seeing how some sites force new windows to open, it's a concern, but not a
large one.
 
Not according to the above:
__________________________________
The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
__________________________________

I intend to keep using Mozilla to surf and I'm still using 1.7.5.

From the above site:

"Description:
A seven year old vulnerability has been re-introduced in Mozilla and
Firefox, which can be exploited by malicious people to spoof the
contents of web sites."

and

"The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla
1.7.8. Other versions may also be affected."

The advisory also states to "proceed with caution". Personally I never
surf in any other fashion.
 
elaich said:
The bug only works if you:

1. Have Javascript enabled, and:

2. Open new windows when clicking on links rather than use
tabbed browsing.

Seeing how some sites force new windows to open, it's a
concern, but not a large one.

ad 1. Wrong. JS need not be enabled.

FWIW, old Netscape v4.whatever are vulnerable, too.

J
 
Fuzzy said:
Bug found...don't surf untrusted sites until this is fixed:

http://secunia.com/advisories/15601/

I failed with Firefox (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.8).

Other than capturing info (not a small theft) what else could the *fake*
window do? My firewall still protects me unless I manually provide (key
in) information at a site - -Correct?
 
I failed with Firefox (Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.7.8).

That version has the vulnerability. To make the Secunia demo work, you
have to have the browser set to open new windows instead of tabs.

Other than capturing info (not a small theft) what else could the
*fake* window do? My firewall still protects me unless I manually
provide (key in) information at a site - -Correct?

It's just a spoofing vulnerability -- as long as you are not fooled
into entering info into a form in a spoofed page, no worries. If you
are ever unsure about whether a frame is legit, right click it and
choose "this frame » view frame info" to see what its URL is.
 
»Q« said:
That version has the vulnerability. To make the Secunia demo work, you
have to have the browser set to open new windows instead of tabs.

I went to Options/Advanced-- Check Open.....a new window/

I closed Firefox, even checking Task Manager to make sure it was shut down.

I opened it (you know where this is going..) Yep, I went to Secunia and
MS and back to Secunia and their page fills the MS frame.

It's just a spoofing vulnerability -- as long as you are not fooled
into entering info into a form in a spoofed page, no worries. If you
are ever unsure about whether a frame is legit, right click it and
choose "this frame » view frame info" to see what its URL is.

OH...!

Only the *frame* of a site can be screwed with (Yes, it is probably
noted in this thread...) - - I guess a good habit is to not place any
info in *any* frame...Why risk it? (Like I can tell if a frame is
legit?) No, I am not ever *not* unsure.

Thanks!
 
elaich said:
The bug only works if you:

1. Have Javascript enabled, and:

2. Open new windows when clicking on links rather than use tabbed
browsing.

Seeing how some sites force new windows to open, it's a concern, but
not a large one.

Firefox can be set to ignore what the website wants.
 
Aaron said:
Firefox can be set to ignore what the website wants.

OK?

How?

It begs the question:
How do we know *what* any website *wants* (and how does one selectively
not provide it)?
 
elaich said:
The bug only works if you:

1. Have Javascript enabled, and:
2. Open new windows when clicking on links rather than use tabbed
browsing.

Seeing how some sites force new windows to open, it's a concern, but
not a large one.

And there's a way to force Firefox to open ALL new windows in tabs
anyway, so it's really NO concern if you have it set up that way.
 

Numerous ways. Extensions is one way.

There is a one-window mode in Firefox; I don't know if it strictly forces
all links to open in tabs though.

It begs the question:
How do we know *what* any website *wants*

A little understanding of HTML, JavaScript, etc., of course.
The most obvious: links with target="_blank"

(and how does one selectively
not provide it)?

Did I say selectively? Though possible (e.g. Firefox can open all popups in
tabs except for popups with a defined size) of course.
 