IE, Opera, Mozilla, Firefox, Dialog Origin Spoofing Vulnerability

Discussion in 'other security issues & news' started by ronjor, Jun 21, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    Less critical
    Impact:Spoofing


    Test on site.



    Secunia
     
    Last edited: Jun 21, 2005
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I seemed to not find the reference to IE in the Title....perhaps they changed it and the software it actually affects :doubt: :eek:

    Code:
    [B]Software: [/B] 
    Camino 0.x
    Mozilla 1.7.x
    Mozilla Firefox 0.x
    Mozilla Firefox 1.x
    Edit:
    Found it....they made it a separate vulnerability advisory.

    Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    No Opera either....
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    They chose to not put it all in one advisory....but to break it out into other advisories.

    Multiple Browsers Dialog Origin Vulnerability Test

    Fine here....appears you haven't had yours yet :D
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    OK... found it...

    I failed the test even tho I have done the solution they gave.... I have version 8.01 - the latest...
     

    Attached Files:

  7. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Although the javascript window will come up and say you failed the test, on my Opera 8.01 it showed that the window came from:

    www.google.com.secunia.com

    Instead of www.google.com
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    So I guess that my browser did not really fail :D , but I did because I did not pay attention to the window :rolleyes: . I think there is a lesson to be learned there somewhere :cool: :ninja: ...
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Perhaps I am missing something or attempting this in the wrong order....but if an IE user has Active script disabled....this supposed vulnerability does not work :doubt:

    Point being....Secunia almost always makes a comment concerning at least one solution....Disable Active Scripting Support....but not in this case.

    If I view this page ....as the supposed 1st step(The user visits a malicious website) with Active script disabled....the below script is not able to execute....which means after that all bets are off.

     
  10. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    :D (the single biggest problem I have with computers is that I never take the time to RTFM :D )

    Yep, with scripting turned of in IE this exploit will not work. Its indeed strange Secunia has not posted a notice about this.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Once again, PROXOMITRON.
    Protected the computer for the last vulnerability.
    Protected the computer this time again.
    Proxo + Kye-U filter = very good condomized (safe) browsing.
    Mrk
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
Loading...
Thread Status:
Not open for further replies.