Tabbed browsing, one of the more popular features built into
alternative Web browsers, contains a security flaw that puts users at
risk of spoofing attacks, research firm Secunia warned on Wednesday.
Secunia released an advisory
detailing the flaws, which affect users of Mozilla,
Mozilla Firefox, Netscape, Opera, Camino, Konqueror, Avant Browser and
Maxthon (MyIE2).
The flaws target the tabbed browsing feature, which lets surfers
view multiple Web sites in a single browser session.
According to
Secunia, the first bug makes it possible for an inactive tab to spawn
dialog boxes even if the user is viewing a different Web site
in another tab.
The browsers don’t indicate which tab
launched the dialog boxes, according to Secunia. This could trick the user into
disclosing information to a malicious Web site, or into downloading and running a
program that the user thought came from another, trusted Web site, the
company warned.
Mozilla 1.7.3,
Mozilla Firefox 0.10.1, Camino 0.8, Opera 7.54, Konqueror 3.2.2-6,
Netscape 7.2, Avant Browser 9.02 build 101, Avant Browser 10.0 build 029
and Maxthon (MyIE2) 1.1.039 are the browser versions susceptible to this flaw.
A demonstration of this vulnerability has been posted online.
A second vulnerability also makes it possible for an inactive tab to
always gain focus on one of its own form fields, even if the user
is viewing a different Web site in another tab,
Secunia said.
“This is escalated a bit by the fact that most people do not look at
the monitor while typing data into a form field, and therefore might
send data to the site in the inactive tab, instead of the
intended/viewed tab,” the company added.
A demonstration
illustrates how users of the following browsers were at
risk: Mozilla 1.7.3,
Mozilla Firefox 0.10.1, Netscape 7.2, Avant Browser 9.02 build 101,
Avant Browser 10.0 build 029 and Maxthon (MyIE2) 1.1.039.
Secunia’s severity ratings for the flaws vary from “moderately
critical” to “less critical” depending on the browser. The company
recommends that users avoid visiting trusted Web sites while pages from
untrusted sites are open in other tabs.
Alternatively, users are urged to disable JavaScript until vendor
fixes are made available.