Multiple browsers frame injection test

Discussion in 'other security issues & news' started by Tassie_Devils, Jul 8, 2004.

Thread Status:
Not open for further replies.
  1. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi, saw a post regarding this:

    =======================================================

    http://secunia.com/advisories/11978/

    Test is in page above or straight to test here:

    http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

    IE is susceptible, however, SP2 cures it automatically, and it *can* be fixed provided the "Allow Sub-frames to Navigate Across Different Domains" in Tools/Internet Options/Security and different zones set to either Prompt or Disable.

    I tested using FF0.9.1 nothing happened.

    Used IE [already had that set to prompt], got the prompt, said NO, and nothing happened.

    Tried it again, said YES and part of the "test page" then appeared inside the original Microsoft test page that opened. Scary stuff if you use a web page like banking, and had it set to Allow without *any* notification.

    If your browser fails, what happens is part of the Secunia page is transferred to the Microsoft test page.

    TAS
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Phew, luckily my Firefox 0.9.1 is not vulnerable. I prefer using Firefox to IE.
     
  3. Brent

    Brent Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    71
    IE failed with flying colors. Go Microsoft!!!

    Funny, after this was known Opera immediately released a patch for it... where is our patch, Microsoft?
     
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Mozilla 1.7 no probs.
     
  5. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Firefox 0.9.1 passes it. Nothing happens at all.

    Go Mozilla! :D
     