Browsers: Multiple Browsers Window Injection Vulnerability Test
mowgreen writes "2004-12-08
Secunia Research has reported a vulnerability that affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
----------------------------------------------------------------
Test Case / Demonstration
This demonstration will open the USA Today web site in a new window. On the USA Today web site, you have to click a link labelled "Day in Pictures", which is located in the menu on the left side of the USA Today web site.
Start the test: Click the first link if you have a pop-up blocker enabled, or the second link if you do not have a pop-up blocker enabled.
Go here to start the tests (JavaScript code is used, and the Secunia page has it embedded for the test to run properly).
Result
You are vulnerable if a pop-up window opened and showed information from Secunia and not from USA Today.
What should you do?
Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisories will be updated when the vendors issue patches.