[THIN] OT: Security Vulnerabilities Notice for FireFox et all...

• From: Thin Fan <thinfan@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Wed, 20 Oct 2004 10:35:14 -0700

======================================================================

                     Secunia Research 20/10/2004

        - Multiple Browsers Tabbed Browsing Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

Mozilla 1.7.3
Mozilla Firefox 0.10.1
Camino 0.8
Opera 7.54
Konqueror 3.2.2-6
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039

Prior versions of all above software may also be vulnerable.

======================================================================
2) Severity

Rating: Less/Moderately critical
Impact: Spoofing
Where:  From remote

======================================================================
3) Description of Vulnerabilities


Vulnerability "A":
It is possible for a inactive tab to spawn dialog boxes e.g. the
JavaScript "Prompt" box or the "Download dialog" box, even if the user
is browsing/viewing a completely different web site in another tab.

The problem is that the browsers does not indicate, which tab launched
the dialog boxes, which therefore could lead the user into disclosing
information to a malicious web site or to download and run a program,
which the user thought came from another trusted web site e.g. their
bank.

Demonstration:
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Vulnerability "A" Affects:
Mozilla 1.7.3
Mozilla Firefox 0.10.1
Camino 0.8
Opera 7.54
Konqueror 3.2.2-6
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039


Vulnerability "B":
It is possible for a inactive tab to always gain focus on a form field
in the inactive tab, even if the user is browsing/viewing a completely
different web site in another tab.

This is escalated a bit by the fact that most people do not look at
the monitor while typing data into a form field, and therefore might
send data to the site in the inactive tab, instead of the
intended/viewed tab.

Demonstration:
http://secunia.com/multiple_browsers_form_field_focus_test/

Vulnerability "B" Affects:
Mozilla 1.7.3
Mozilla Firefox 0.10.1
Netscape 7.2
Avant Browser 9.02 build 101
Avant Browser 10.0 build 029
Maxthon (MyIE2) 1.1.039

======================================================================
4) Solution

Mozilla:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Mozilla Firefox:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Camino:
  Vulnerability "A":
    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Not affected by this vulnerability.


Opera:
  Vulnerability "A":
    Will be fixed in Opera 7.60.

    Until Opera 7.60 becomes available, Opera Software will release an
    advisory on this issue, which will be available on the Opera
    website.

  Vulnerability "B":
    Not affected by this vulnerability.


Avant Browser:
  Vulnerability "A":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Konqueror:
  Vulnerability "A":
    The Vendor reports that KDE version 3.3.1 fixes this
    vulnerability.

  Vulnerability "B":
    Not affected by this vulnerability.


Netscape:
  Vulnerability "A":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Vulnerable. However, vendor never responded to inquiries.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


Maxthon:
  Vulnerability "A":
    Will be fixed in an upcoming version.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.

  Vulnerability "B":
    Will be fixed in next version.

    Disable JavaScript or do not visit untrusted and trusted websites
    at the same time.


======================================================================
5) Time Table

04/10/2004 - Vulnerabilities reported to Netscape, Mozilla, Opera and
             Avant Browser.
05/10/2004 - Vulnerabilities reported to KDE (Konqueror) and Maxthon.
08/10/2004 - Netscape and Avant contacted again as they have not
             responded.
20/10/2004 - Public disclosure.

======================================================================
6) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
7) References

Secunia Advisories:
http://secunia.com/SA12706
http://secunia.com/SA12712
http://secunia.com/SA12713
http://secunia.com/SA12714
http://secunia.com/SA12717
http://secunia.com/SA12731

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-10/

======================================================================
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] OT: Security Vulnerabilities Notice for FireFox et all...

1. Home
2. thin
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---