Multi Browser Security Flaw

[Haggard the Horrendous]

From a friend:
-------------------------------------------------------------------------------------------------------
The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.

This means you could potentially download malicious code thinking
it was a legitimate update or program.

Microsoft says that this flaw has been patched. Secunia counters that
this flaw exists even with the patch installed. Secunia has a test to
see if you're at risk:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test

I ran the test. My fully patched version of Internet Explorer was
vulnerable, but Mozilla was not.

This problem occurs if you have two Web sites open, and one of them
is run by hackers. If you continue to use Internet Explorer, keep only
one Web site open.

 

[jo]

http://secunia.com/muxxxltiple_browsxxers_framexxxon_vulnerability_test

I ran the test.

Interesting decision.

The site hardly inspires confidence.

 

[Steven Burn]

Interesting decision.

The site hardly inspires confidence.

Tis a very trusted and highly regarded site (by myself amongst many others).

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Haggard the Horrendous]

Interesting decision.

The site hardly inspires confidence.

And you determined this how?

 

[Haggard the Horrendous]

Tis a very trusted and highly regarded site (by myself amongst many others).

FWIW Mozilla 1.7 passes.

 

[scroob]

(Haggard the Horrendous) wrote in

The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.

Netscape 7.1 - vulnerable
Firefox 0.8 - vulnerable

 

[scroob]

(Haggard the Horrendous) wrote in

The research security group Secunia has found a flaw in versions of
Internet Explorer, Mozilla, Netscape and other browsers. This flaw
allows hackers to spoof content from legitimate Web sites.

Firefox 0.91 - safe

 

[*ProteanThread*]

(Haggard the Horrendous) wrote in

Firefox 0.91 - safe

MSN 9 - vulnerable ( obviously )

 

[Aaron]

(Haggard the Horrendous) wrote in

Netscape 7.1 - vulnerable
Firefox 0.8 - vulnerable

Firefox 0.9, 0.9.1 safe.


Aaron (my email is not munged!)

 

[POKO]

Tis a very trusted and highly regarded site (by myself amongst many others).

My casual use of Firefox just went full time. IE now only for backup
use.
POKO

--
P. Keenan - Webmaster
Web Page Design
Manitoulin Island, Canada
http://manitoulinislandwebdesign.it-mate.co.uk/
(e-mail address removed)

 

[Steven Burn]

My casual use of Firefox just went full time. IE now only for backup
use.

hehe, I wouldn't use Mozilla if you paid me (simply don't like it),
irrespective of the current security issues with the IE engine.

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[R. L.]

(Haggard the Horrendous) wrote in


Netscape 7.1 - vulnerable
Firefox 0.8 - vulnerable

I might be doing something right here: GreenBrowser (IE
shell), Proxomitron bypassed, but still can't get the
demonstrate page to look like the MS site - am I missing
something?


--
RL
Unofficial Adaware Updater; Little (File) Backer Upper; Uptime
Quickie; Tray Quickie; Google Quickie; Lefty Animated
Cursors;
http://home.earthlink.net/~ringomei/page2.html
*******************************************
Places that list the Pricelessware annual voting results and
information:
http://www.pricelessware.org,
http://lesspriceware.netfirms.com/

 

[Jack D. Russell, Sr.]

======================================================================
* Reply by Jack D. Russell, Sr. <[email protected]>
* Newsgroup: alt.comp.freeware
* Reply to: All; "R. L." <ringomeinew@_hot_mail_.YOU_KNOW_THE_REST>
* Date: Mon, 05 Jul 2004 17:18:58 GMT
* Subj: Re: Multi Browser Security Flaw
======================================================================


RL> I might be doing something right here: GreenBrowser (IE
RL> shell), Proxomitron bypassed, but still can't get the
RL> demonstrate page to look like the MS site - am I missing
RL> something?

Maybe. It doesn't just look like the MS site. Read it again and click
on the links that they supply, in the order that they say.. It should
insert the security group warning inside of one of the "Frames" on the
MS page that it has you click on.
FWIW...I tried it using a link other than the link that they supplied
(I used Window's Update.) and it failed to load the warning in any
frame on the page.

 

[jo]

And you determined this how?

I was drunk and paranoid. The site seems overwritten for so little
content. Just been back and run the test.
My default configuration of Opera identifying itself as Opera passes
the test; identifying as IE6 it fails.
I have a mind to continue to identify as Opera.

This site is a nice reason for continuing to be paranoid:

http://www.symantec.ar.nu/ (NEWBIES BEWARE)

I don't know how long it has been up, but it is over two weeks.
Downloading and running the cleaner file would be a trifle foolish.

 

[R. L.]

============================================================
========== * Reply by Jack D. Russell, Sr.
<[email protected]> * Newsgroup: alt.comp.freeware
* Reply to: All; "R. L."
<ringomeinew@_hot_mail_.YOU_KNOW_THE_REST> * Date: Mon, 05
Jul 2004 17:18:58 GMT * Subj: Re: Multi Browser Security
Flaw
============================================================
==========

RL> I might be doing something right here: GreenBrowser
(IE RL> shell), Proxomitron bypassed, but still can't get
the RL> demonstrate page to look like the MS site - am I
missing RL> something?

Maybe. It doesn't just look like the MS site.

I must be really missing it .... first, the demonstration page
look just like the secunia.com page (not with the MS fram) and
with this message in the middle:

"This page could have been a malicious web page, spoofed to
look like a genuine Microsoft web page. You could e.g. be
asked to install a component, which would compromise your
system, or to provide your windows license key or credit card
number."

But it look like the secunia.com site but not the MS one

Read it again
and click on the links that they supply, in the order that
they say.. It should insert the security group warning
inside of one of the "Frames" on the MS page that it has
you click on.

Ok, then, I browsed through the MS page I opened with the
Secunia's first link, to see if there is anything obviously
got inserted, but it just look the same....

FWIW...I tried it using a link other than the
link that they supplied (I used Window's Update.) and it
failed to load the warning in any frame on the page.

I *think* that particular test was designed only for the MS
page that they indicated.

What exactly am I supposed to see if the test result is
vulnerable?

In addition, I saw
http://secunia.com/advisories/11978/

which lists the browsers that are vulnerable, but IE6 is not
on this list:

Internet Explorer 5.x for Mac
Konqueror 3.x
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x
Netscape 6.x
Netscape 7.x
Opera 5.x
Opera 6.x
Opera 7.x
Safari 1.x


Wondering....


--
RL
Unofficial Adaware Updater; Little (File) Backer Upper; Uptime
Quickie; Tray Quickie; Google Quickie; Lefty Animated
Cursors;
http://home.earthlink.net/~ringomei/page2.html
*******************************************
Places that list the Pricelessware annual voting results and
information:
http://www.pricelessware.org,
http://lesspriceware.netfirms.com/

 

[Conor]

hehe, I wouldn't use Mozilla if you paid me (simply don't like it),
irrespective of the current security issues with the IE engine.

So you're quite happy having all the traffic of a "secure" online
banking session logged and sent to a site in Russia?

 

[Steven Burn]

So you're quite happy having all the traffic of a "secure" online
banking session logged and sent to a site in Russia?

Absolutely not and is the reason I don't do online banking ;o)

My philosophy is simple......... I don't go anywhere near things I do not
trust ;o) (tis much safer, hehe)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Andy Boze]

What exactly am I supposed to see if the test result is
vulnerable?

If your browser is vulnerable, one of the frames in the MSDN page will
be replaced by a Secunia page. I tried in Moz 1.8a2, and nothing changed
in the MSDN page. In IE6 (up-to-date, fully patched), the right frame
was replaced by a Secunia page.

In addition, I saw
http://secunia.com/advisories/11978/

which lists the browsers that are vulnerable, but IE6 is not
on this list:

It's not in the list, but the page does say:

The vulnerability also affects Internet Explorer:
SA11966

which links to http://secunia.com/SA11966/ .

Andy.......................

 

[hashi]

before I waste a bunch of time for nothing, Can someone confirm that 1.7 is
really safe? because 1.7b is vulnerable.

Mozilla 1.7b
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040421

 

[Britannica]

If your browser is vulnerable, one of the frames in the MSDN page will
be replaced by a Secunia page. I tried in Moz 1.8a2, and nothing changed
in the MSDN page. In IE6 (up-to-date, fully patched), the right frame
was replaced by a Secunia page.

It's not in the list, but the page does say:

The vulnerability also affects Internet Explorer:
SA11966

which links to http://secunia.com/SA11966/ .

According to this page

http://www.securitypipeline.com/news/22103560;jsessionid=MDNGDZXNPT1A4QSNDBCCKHY

"It's not a code vulnerability," said Secunia's Kristensen, "but a
design flaw."

and

"Internet Explorer users can stymie such spoofing attacks by disabling
the "Navigate sub-frames across different domains" setting under
Tools/Internet Options/Security."

Is it possible to disable this functionality in Mozilla ?