BugTraq
Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) Aug 26 2004 02:51PM
john courcoul mac com (2 replies)
Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) Aug 27 2004 03:28PM
Rishi Khan (rishi udel edu)
This is a known issue with Apples Java plugin ... not netscape or
mozilla.
See: http://bugzilla.mozilla.org/show_bug.cgi?id=162134

It has to due with the plugin ignoring clipRect and NPWindow

On Aug 26, 2004, at 10:51 AM, john.courcoul (at) mac (dot) com [email concealed] wrote:

> Didn't think I'd ever get the chance to report some form of
> vulnerability, but I did. Minor, granted, but a bug nonetheless.
>
> Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set
> up for tabbed browsing, on a MacOS X 10.3.5 platform with all the
> latest patches. Open Andy Cuff's "radar" page in the first tab: it
> sets up two scrolling displays (Security News and Vulnerabilities) on
> the left side of the window and a date ticker in the middle, under
> "Operational Picture". Open a new tab, which should be completely
> independent and allow you to browse another site without interference.
> Not a chance: the scrolling displays and the date ticker promptly
> highjack the new pane and display their info on it, on top of any page
> you should happen to load there. And the scrollers are "live" in
> whatever tab they have highjacked: click on any of the items they are
> displaying, and the corresponding page gets loaded on the highjacked
> tab, NOT on the original "radar" tab. Only until you close the "radar"
> tab do the scrollers and ticker go away in all other tabs.
>
> Works the other way around too: create a bunch of tabs and load all
> sorts of different sites on them. On the very last tab, open Andy's
> page. It promptly takes over all tabs and splashes the scrollers and
> ticker all over the place.
>
> In this case, just a nuisance, but might conceivably be misused. Since
> this information is placed on top of the highjacked tabs, and will
> cause a new page to load on that tab, a carefully crafted scroller or
> ticker could misdirect a user trying to do banking on a tab to be
> redirected to a hostile server elsewhere (i.e., carefully place the
> scroller on top of the "submit" button, tell the user that the
> operation failed and get them to retype their private info.)
>
> Could this be classified as "phishing" ?
>
> J. Courcoul
>
> Andy Cuff wrote:
>
>> Hi All,
>> As a great believer in being able to track emerging vulnerabilities
>> with
>> minimal effort, I have created another "Alert State" image.
>> http://securitywizardry.com/radar.htm However, I have tried to make
>> it a
>> lot more granular dividing the image up into OS and Applications and
>> reducing the alert states to just 3. At present I'm tracking the
>> vulnerabilities myself, though I'm hoping some kind hearted
>> vulnerability
>> alert service such as one of these
>> http://securitywizardry.com/alert.htm
>> will offer to notify me when significant vulnerabilities occur that
>> may
>> warrant a change in an enterprises CND posture. I hope you find it of
>> use,
>> enjoy!
>>
>> Advice, criticism, bitchin' etc welcomed as always
>>
>> -andy cuff
>> Talisker's Computer Security Portal
>> Computer Network Defence Ltd
>> http://www.securitywizardry.com
>>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus