9. December 2004




Multiple Browsers Window Injection Vulnerability

Multiple Browsers Window Injection VulnerabilitySecunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to hi-jack a named browser window, regardless of which web site is the true owner of the window.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

The site includes a live test with the Citibank.com and it works every time. The solution is not to browse untrusted sites while browsing trusted sites.

Read more: http://secunia.com/...


by Miguel Moreno

Category: | Tags:

E-mail | Permalink | Comments (0)