Right on the heels of the Internet Explorer configuration change that Microsoft offered its customers last weekMessage 1 of 1 , Jul 17, 2004View Source
It's not only IE that has vulnerabilities
Right on the heels of the Internet Explorer configuration change that Microsoft offered its customers last week, security firm Secunia announced the discovery of a 6 year old security vulnerability in multiple browsers that allows malicious people to spoof the content of Web sites.
The vulnerability occurs because browsers don't check if a target frame belongs to a Website containing a malicious link, which therefore doesn't prevent a browser window loading content in a named frame in another window.
This vulnerability has been reported in the following Web browsers:
- Internet Explorer 5.x, 6
- Konqueror 3.x
- Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6
- Mozilla Firefox 0.x
- Netscape 6.x, 7.x
- Opera 5.x, 6.x, 7.x
- Safari 1.x
According to Secunia, the following browsers are not affected:
- Mozilla Firefox 0.9 and later
- Mozilla 1.7
- Opera 7.52
Secunia has constructed a test, which can be used to check if your browser is affected by this issue: Secunia Test
If you are using Internet Explorer, there's a small change you can make to the security settings that will prevent this vulnerability: Disable the security setting: Navigate sub-frames across different domains.
I know I keep repeating myself, but if you followed my advice I first published in October 2000, you should already be protected against this vulnerability, as I've recommended switching the setting Navigate sub-frames across different domains to Disabled for all but "Trusted" sites.
The Mozilla team have a Web page with more information, and links to their updated browsers.
Alberta Family Histories Society
712-16th Ave NW,
Calgary, AB, T2W 0J8