Multi Browser Security Flaw

  • Thread starter Haggard the Horrendous
  • Start date
H

Haggard the Horrendous

From a friend:
-------------------------------------------------------------------------------------------------------
The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.

This means you could potentially download malicious code thinking
it was a legitimate update or program.

Microsoft says that this flaw has been patched. Secunia counters that
this flaw exists even with the patch installed. Secunia has a test to
see if you're at risk:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test

I ran the test. My fully patched version of Internet Explorer was
vulnerable, but Mozilla was not.

This problem occurs if you have two Web sites open, and one of them
is run by hackers. If you continue to use Internet Explorer, keep only
one Web site open.
 
S

scroob

(Haggard the Horrendous) wrote in
The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.
Click to expand...

Netscape 7.1 - vulnerable
Firefox 0.8 - vulnerable
 
S

scroob

(Haggard the Horrendous) wrote in
The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.
Click to expand...

Firefox 0.91 - safe
 
S

Steven Burn

POKO said:
My casual use of Firefox just went full time. IE now only for backup
use.
Click to expand...

hehe, I wouldn't use Mozilla if you paid me (simply don't like it),
irrespective of the current security issues with the IE engine.

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
 
R

R. L.

(Haggard the Horrendous) wrote in


Netscape 7.1 - vulnerable
Firefox 0.8 - vulnerable
Click to expand...

I might be doing something right here: GreenBrowser (IE
shell), Proxomitron bypassed, but still can't get the
demonstrate page to look like the MS site - am I missing
something?


--
RL
Unofficial Adaware Updater; Little (File) Backer Upper; Uptime
Quickie; Tray Quickie; Google Quickie; Lefty Animated
Cursors;
http://home.earthlink.net/~ringomei/page2.html
*******************************************
Places that list the Pricelessware annual voting results and
information:
http://www.pricelessware.org,
http://lesspriceware.netfirms.com/
 
J

Jack D. Russell, Sr.

======================================================================
* Reply by Jack D. Russell, Sr. <[email protected]>
* Newsgroup: alt.comp.freeware
* Reply to: All; "R. L." <ringomeinew@_hot_mail_.YOU_KNOW_THE_REST>
* Date: Mon, 05 Jul 2004 17:18:58 GMT
* Subj: Re: Multi Browser Security Flaw
======================================================================


RL> I might be doing something right here: GreenBrowser (IE
RL> shell), Proxomitron bypassed, but still can't get the
RL> demonstrate page to look like the MS site - am I missing
RL> something?

Maybe. It doesn't just look like the MS site. Read it again and click
on the links that they supply, in the order that they say.. It should
insert the security group warning inside of one of the "Frames" on the
MS page that it has you click on.
FWIW...I tried it using a link other than the link that they supplied
(I used Window's Update.) and it failed to load the warning in any
frame on the page.
 
J

jo

(Haggard the Horrendous) said:
And you determined this how?
Click to expand...

I was drunk and paranoid. The site seems overwritten for so little
content. Just been back and run the test.
My default configuration of Opera identifying itself as Opera passes
the test; identifying as IE6 it fails.
I have a mind to continue to identify as Opera. :)

This site is a nice reason for continuing to be paranoid:

http://www.symantec.ar.nu/ (NEWBIES BEWARE)

I don't know how long it has been up, but it is over two weeks.
Downloading and running the cleaner file would be a trifle foolish.
 
R

R. L.

============================================================
========== * Reply by Jack D. Russell, Sr.
<[email protected]> * Newsgroup: alt.comp.freeware
* Reply to: All; "R. L."
<ringomeinew@_hot_mail_.YOU_KNOW_THE_REST> * Date: Mon, 05
Jul 2004 17:18:58 GMT * Subj: Re: Multi Browser Security
Flaw
============================================================
==========

RL> I might be doing something right here: GreenBrowser
(IE RL> shell), Proxomitron bypassed, but still can't get
the RL> demonstrate page to look like the MS site - am I
missing RL> something?
Click to expand...
Maybe. It doesn't just look like the MS site.
Click to expand...

I must be really missing it .... first, the demonstration page
look just like the secunia.com page (not with the MS fram) and
with this message in the middle:

"This page could have been a malicious web page, spoofed to
look like a genuine Microsoft web page. You could e.g. be
asked to install a component, which would compromise your
system, or to provide your windows license key or credit card
number."

But it look like the secunia.com site but not the MS one
Read it again
and click on the links that they supply, in the order that
they say.. It should insert the security group warning
inside of one of the "Frames" on the MS page that it has
you click on.
Click to expand...

Ok, then, I browsed through the MS page I opened with the
Secunia's first link, to see if there is anything obviously
got inserted, but it just look the same....
FWIW...I tried it using a link other than the
link that they supplied (I used Window's Update.) and it
failed to load the warning in any frame on the page.
Click to expand...

I *think* that particular test was designed only for the MS
page that they indicated.

What exactly am I supposed to see if the test result is
vulnerable?

In addition, I saw
http://secunia.com/advisories/11978/

which lists the browsers that are vulnerable, but IE6 is not
on this list:

Internet Explorer 5.x for Mac
Konqueror 3.x
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x
Netscape 6.x
Netscape 7.x
Opera 5.x
Opera 6.x
Opera 7.x
Safari 1.x


Wondering....


--
RL
Unofficial Adaware Updater; Little (File) Backer Upper; Uptime
Quickie; Tray Quickie; Google Quickie; Lefty Animated
Cursors;
http://home.earthlink.net/~ringomei/page2.html
*******************************************
Places that list the Pricelessware annual voting results and
information:
http://www.pricelessware.org,
http://lesspriceware.netfirms.com/
 
C

Conor

hehe, I wouldn't use Mozilla if you paid me (simply don't like it),
irrespective of the current security issues with the IE engine.
Click to expand...
So you're quite happy having all the traffic of a "secure" online
banking session logged and sent to a site in Russia?
 
S

Steven Burn

Conor said:
So you're quite happy having all the traffic of a "secure" online
banking session logged and sent to a site in Russia?
Click to expand...

Absolutely not and is the reason I don't do online banking ;o)

My philosophy is simple......... I don't go anywhere near things I do not
trust ;o) (tis much safer, hehe)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
 
A

Andy Boze

R. L. said:
What exactly am I supposed to see if the test result is
vulnerable?
Click to expand...

If your browser is vulnerable, one of the frames in the MSDN page will
be replaced by a Secunia page. I tried in Moz 1.8a2, and nothing changed
in the MSDN page. In IE6 (up-to-date, fully patched), the right frame
was replaced by a Secunia page.
In addition, I saw
http://secunia.com/advisories/11978/

which lists the browsers that are vulnerable, but IE6 is not
on this list:
Click to expand...

It's not in the list, but the page does say:

The vulnerability also affects Internet Explorer:
SA11966

which links to http://secunia.com/SA11966/ .

Andy.......................
 
H

hashi

before I waste a bunch of time for nothing, Can someone confirm that 1.7 is
really safe? because 1.7b is vulnerable.

Mozilla 1.7b
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040421
 
B

Britannica

If your browser is vulnerable, one of the frames in the MSDN page will
be replaced by a Secunia page. I tried in Moz 1.8a2, and nothing changed
in the MSDN page. In IE6 (up-to-date, fully patched), the right frame
was replaced by a Secunia page.

It's not in the list, but the page does say:

The vulnerability also affects Internet Explorer:
SA11966

which links to http://secunia.com/SA11966/ .
Click to expand...

According to this page

http://www.securitypipeline.com/news/22103560;jsessionid=MDNGDZXNPT1A4QSNDBCCKHY

"It's not a code vulnerability," said Secunia's Kristensen, "but a
design flaw."

and

"Internet Explorer users can stymie such spoofing attacks by disabling
the "Navigate sub-frames across different domains" setting under
Tools/Internet Options/Security."

Is it possible to disable this functionality in Mozilla ?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Moz? Firefox? Time to update if you haven't... 5
Adobe vulnerable, again 0
Adobe fixes critical Flash flaw 4
Security flaw found in Microsoft Word will be patched today 5
Java flaw allows “complete” bypass of security [update] 1
Warning comes after Microsoft warns on bug in browser 6
Firefox & IE subject to phishing trick 8
IE6 "Security Flaw Exploit" Redirect 1

Top