Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Browsers wide open to attacks

Browsers wide open to attacks

by Nikola Strahija on June 24th, 2005 A new browser flaw allows attackers to trick users into giving up information, such as passwords.


The flaw is unusual because it affects every browser, and can be exploited on the Mac OS X operating system as easily as on Windows, said security company Secunia.

Because of the way most browsers handle JavaScript dialogue boxes, it isn't clear which site a dialogue box originates from, Secunia said. An untrusted site could direct a user to a secure site such as a bank, and then cause a dialogue box to pop up in front of the banking site's window.

If users entered their password information, the data would be sent to the attacker, Secunia said. -Successful exploitation normally requires that a user is tricked into opening a link from a malicious web site to a trusted website, the company said in its advisory.

The flaw has been confirmed in Opera, Safari, Mozilla-based browsers, iCab and Mac as well as Windows versions of Internet Explorer. As of Wednesday only Opera had issued a patch, in version 8.01. The bug has been fixed in the beta of iCab version 3.0.

Microsoft confirmed that Explorer was vulnerable, but said it has no plans to distribute a fix. --Customers who already follow our general guidance about avoiding spoofing and phishing attacks are at reduced risk of being affected by this issue, Microsoft said in an advisory.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »