Pages Menu
TwitterRssFacebook
Categories Menu

Posted by on 8th December, 2004

Multiple Browsers Window Injection Vulnerability

Multiple Browsers Window Injection Vulnerability

Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to hi-jack a named browser window, regardless of which web site is the true owner of the window.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

The site includes a live test with the Citibank.com and it works every time. The solution is not to browse untrusted sites while browsing trusted sites.

[button link=”http://secunia.com/multiple_browsers_window_injection_vulnerability_test” color=”#FFFFCC” size=”1″ style=”4″ dark=”1″]read more[/button]