Ubiquitous browser hole an easy target for scammers

By Stuart Finlayson

Dec 10, 2004: A security firm has uncovered a new web browser security hole that could provide scammers with the means to launch phishing attacks from pop-up windows on genuine, trusted websites.

Internet monitoring firm Secunia issued a warning about the vulnerability, which affects almost all browsers, including Internet Explorer, Mozilla, Firefox, Netscape, Opera, Konqueror and Safari.

According to Secunia, the vulnerability can be exploited by a malicious website to "hijack" a named browser window, regardless of which website is the true "owner" of the window.

The problem arises when an Internet user has browser windows for a legitimate website and a malicious one open at the same time. While very few people would intentionally visit a malicious website, often users will accidentally stumble upon one by clicking on links.

The company gave an example of how the vulnerability can result in fraudulent activity: an infected pop-up display can appear when a user visits a bank site. This pop-up can potentially be used to gather information about the user's account, which can then be used to relieve them of their funds.

While acknowledging that going public with news of the vulnerability will also alert scammers to the opportunity, Secunia CTO Thomas Kristensen said that the lack of responsiveness by some browser vendors to the problem led the company to issue the warning, as he felt the public should be aware of it.
