[36314] in bugtraq
Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)
daemon@ATHENA.MIT.EDU (Rishi Khan)
Fri Aug 27 19:33:13 2004
In-Reply-To: <9375895.1093531877405.JavaMail.john.courcoul@mac.com>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <B16327CA-F83D-11D8-BB51-000393BD85A6@udel.edu>
Content-Transfer-Encoding: 7bit
Cc: bugtraq@securityfocus.com, Andy Cuff <lists@securitywizardry.com>
From: Rishi Khan <rishi@udel.edu>
Date: Fri, 27 Aug 2004 11:28:06 -0400
To: john.courcoul@mac.com
This is a known issue with Apples Java plugin ... not netscape or
mozilla.
See: http://bugzilla.mozilla.org/show_bug.cgi?id=162134
It has to due with the plugin ignoring clipRect and NPWindow
On Aug 26, 2004, at 10:51 AM, john.courcoul@mac.com wrote:
> Didn't think I'd ever get the chance to report some form of
> vulnerability, but I did. Minor, granted, but a bug nonetheless.
>
> Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set
> up for tabbed browsing, on a MacOS X 10.3.5 platform with all the
> latest patches. Open Andy Cuff's "radar" page in the first tab: it
> sets up two scrolling displays (Security News and Vulnerabilities) on
> the left side of the window and a date ticker in the middle, under
> "Operational Picture". Open a new tab, which should be completely
> independent and allow you to browse another site without interference.
> Not a chance: the scrolling displays and the date ticker promptly
> highjack the new pane and display their info on it, on top of any page
> you should happen to load there. And the scrollers are "live" in
> whatever tab they have highjacked: click on any of the items they are
> displaying, and the corresponding page gets loaded on the highjacked
> tab, NOT on the original "radar" tab. Only until you close the "radar"
> tab do the scrollers and ticker go away in all other tabs.
>
> Works the other way around too: create a bunch of tabs and load all
> sorts of different sites on them. On the very last tab, open Andy's
> page. It promptly takes over all tabs and splashes the scrollers and
> ticker all over the place.
>
> In this case, just a nuisance, but might conceivably be misused. Since
> this information is placed on top of the highjacked tabs, and will
> cause a new page to load on that tab, a carefully crafted scroller or
> ticker could misdirect a user trying to do banking on a tab to be
> redirected to a hostile server elsewhere (i.e., carefully place the
> scroller on top of the "submit" button, tell the user that the
> operation failed and get them to retype their private info.)
>
> Could this be classified as "phishing" ?
>
> J. Courcoul
>
> Andy Cuff wrote:
>
>> Hi All,
>> As a great believer in being able to track emerging vulnerabilities
>> with
>> minimal effort, I have created another "Alert State" image.
>> http://securitywizardry.com/radar.htm However, I have tried to make
>> it a
>> lot more granular dividing the image up into OS and Applications and
>> reducing the alert states to just 3. At present I'm tracking the
>> vulnerabilities myself, though I'm hoping some kind hearted
>> vulnerability
>> alert service such as one of these
>> http://securitywizardry.com/alert.htm
>> will offer to notify me when significant vulnerabilities occur that
>> may
>> warrant a change in an enterprises CND posture. I hope you find it of
>> use,
>> enjoy!
>>
>> Advice, criticism, bitchin' etc welcomed as always
>>
>> -andy cuff
>> Talisker's Computer Security Portal
>> Computer Network Defence Ltd
>> http://www.securitywizardry.com
>>
>
