692 Secunia, the security company that also wants your love, has issued a security alert for several web browsers that allow tabbed browsing, including Safari for Macintosh. Applelinks has also confirmed that the vulnerability affects the Firefox 1.0 preview release available for OS X.

Rated less-to-moderately critical, the vulnerability is basically this:

Inactive windows can launch dialog boxes so they appear to be displayed by a web site in another window. This can be exploited by a malicious web site to show a dialog box, which seems to originate from a trusted web site.

Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new window.

Granted, not likely, but possible. If you'd like to try a safe example of how this might work, Secunia has provided one.

The "solution" to this problem is either to disable javascript or just not visit untrusted website while you're paying your bills online. If you, you know, want to use common sense.

Keep in mind also this affects both PC and Mac versions of the browsers.

Bill's been using Macs since the late 80s. When he's not making smartass remarks to amuse Kirk Hiner, he enjoys fighting for the user.

Tags: Commentary ï

(0) Trackbacks ï

Login † or † Register † †