
Thought you were safe with Opera/Firefox/Mozilla/Konqueror?

Posted: 2004-12-09 03:02am
by Faram
Forget it. ALL major browsers are at risk from this new vulnerability.
Introduction

Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.
Demo

This is one fucked up vulnerability, one of the worst I have seen EVER!
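For site maintainers: the advisory quoted above concerns windows that carry a name, so one useful check is to list where your own pages open or target a fixed window name. This is an added example, not part of the original post or of Secunia's test; the sample markup and the window name `alertwin` are constructed for illustration.

```javascript
// Added example: list places where a page opens or targets a fixed window name.
// Reserved targets (_blank, _self, _parent, _top) do not name a reusable window.
const RESERVED = new Set(['_blank', '_self', '_parent', '_top']);

// window.open(url, "name", ...) where the second argument is a string literal.
// URLs built from expressions containing commas or parentheses are not matched.
const OPEN_RE = /window\.open\s*\(\s*[^,()]+,\s*(['"])([^'"]*)\1/g;
// <a|form|area|base ... target="name">
const TARGET_RE = /<(a|form|area|base)\b[^>]*?\btarget\s*=\s*(['"])([^'"]*)\2/gi;

function findNamedWindows(html) {
  const findings = [];
  // 1-based line number of a character offset in the document.
  const lineOf = (index) => html.slice(0, index).split('\n').length;
  const keep = (name) => name !== '' && !RESERVED.has(name.toLowerCase());

  for (const m of html.matchAll(OPEN_RE)) {
    if (keep(m[2])) {
      findings.push({ line: lineOf(m.index), via: 'window.open', name: m[2] });
    }
  }
  for (const m of html.matchAll(TARGET_RE)) {
    if (keep(m[3])) {
      findings.push({ line: lineOf(m.index), via: `<${m[1].toLowerCase()} target>`, name: m[3] });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample page: two uses of the fixed name "alertwin", three reserved targets.
const SAMPLE_HTML = `<html><body>
<a href="/help.html" target="_blank">Help</a>
<a href="/alert.html" target="alertwin">Consumer Alert</a>
<img src="alert.gif" onclick="window.open('/alert.html', 'alertwin', 'width=400')">
<img src="news.gif" onclick="window.open('/news.html', '_blank')">
<form action="/login" target="_self"></form>
</body></html>`;

for (const f of findNamedWindows(SAMPLE_HTML)) {
  console.log(`line ${f.line}: ${f.via} uses fixed window name "${f.name}"`);
}
```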

Posted: 2004-12-09 07:14am
by Dalton
BUMP

Thank you Faram!

Posted: 2004-12-09 08:13am
by White Cat
I'm using Firefox 0.9.2, and according to that test, I'm not vulnerable.

Posted: 2004-12-09 08:15am
by Pcm979
Well, I'm safe. Firefox rox.

Posted: 2004-12-09 09:05am
by Faram
Pcm979 wrote:Well, I'm safe. Firefox rox.
NO YOU ARE NOT SAFE!!!!

Follow the link.

Left Click the first link named "Test Now - With Pop-up Blocker - Left Click On This Link"

On the new page click the Consumer Alert picture

This is the danger with this one!

All large browsers are unsafe from this ALL!

Image

Posted: 2004-12-09 09:28am
by Sir Sirius
I'm running Firefox 1.0, tried both of the links, did just as the instructions said and got a pop-up titled Learn About Spoofs on both occasions, not the Secunia pop-up Faram posted a picture of.
The pop-up wrote:Every Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear to be from a well-known company but can put you at risk.
Ok, I just tried four more times and got the same results... maybe it's broken or something.

Posted: 2004-12-09 09:37am
by Sir Sirius
Now I can't access the Secunia website at all. Considering that and the fact that this is supposed to work on Firefox, which it didn't do for me, I am starting to think that there really is something wrong with the Secunia site.

A "safe" result might not mean that you are safe after all.

EDIT: I just got the Secunia page to work again and tried once more... and got the Secunia pop-up Faram posted a picture of :( , even though it didn't work on previous attempts.

Posted: 2004-12-09 10:05am
by SecondStorm
I use Mozilla Firefox 1.0 and I got no pop-up. It appears I'm safe after all.

Posted: 2004-12-09 10:09am
by Sir Sirius
SecondStorm wrote:I use Mozilla Firefox 1.0 and I got no pop-up. It appears I'm safe after all.
Try it again a few times with both links and without opening the links in a new tab, just click them regularly. That's how I got it to work.

Posted: 2004-12-09 10:32am
by Darth Wong
I've tested this on Firefox 1.0. It works.

Posted: 2004-12-09 10:41am
by 2000AD
No pop-up. I'm safe, apparently.

Posted: 2004-12-09 12:03pm
by Sharp-kun
I'm using Firefox 1.0 and got the problem.

Posted: 2004-12-09 12:47pm
by Vohu Manah
The latest Safari didn't bring up the Secunia pop-up, but the latest Camino (a Mozilla-variant) did.

Posted: 2004-12-09 05:07pm
by Terr Fangbite
Tested on latest Mozilla, I got nothing for both links.

Posted: 2004-12-09 05:52pm
by Pcm979
Faram wrote:NO YOU ARE NOT SAFE!!!!
Yes I am!11!! I did the fucking test!1!!

Posted: 2004-12-09 06:03pm
by Faram
Pcm979 wrote:
Faram wrote:NO YOU ARE NOT SAFE!!!!
Yes I am!11!! I did the fucking test!1!!
Well what Firefox are you running?

And have you applied any patch for this?

Posted: 2004-12-09 06:04pm
by Enigma
With the pop-up blocker I get the Secunia window. Without the pop-up blocker I get the Citibank window.

Posted: 2004-12-09 06:04pm
by Soontir C'boath
The first two times it showed the Secunia pop-up but after that, it showed the regular pop-up from Citibank.
Edit: and back again. Anyway, I got the spoof-stick to show where the site is coming from.

Posted: 2004-12-09 06:07pm
by Pcm979
Faram wrote:
Pcm979 wrote:
Faram wrote:NO YOU ARE NOT SAFE!!!!
Yes I am!11!! I did the fucking test!1!!
Well what Firefox are you running?

And have you applied any patch for this?
Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.

Posted: 2004-12-09 06:17pm
by Asst. Asst. Lt. Cmdr. Smi
I'm using IE right now, and after trying with and without pop-up blocker, my computer is apparently safe.

Posted: 2004-12-09 06:38pm
by Faram
Pcm979 wrote:Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.
Then you are vulnerable.

Image

There might be something in the network or some other setting in your computer that is affecting this, but Firefox 1.0 is not safe from this attack.

Posted: 2004-12-09 06:58pm
by Beowulf
If there is more than one tab open in a window, it doesn't work in Firefox. Try it. Click the link to open the Citibank website in a new window. Hit Ctrl+T. Then click the image. The Citibank window shows up properly.

At least, I think that's how it's working...

Posted: 2004-12-09 07:01pm
by Pcm979
Faram wrote:
Pcm979 wrote:Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.
Then you are vulnerable.
How many fucking times do I have to tell you? I did the test. I'm safe.

Posted: 2004-12-10 12:16am
by Mad
Pcm979 wrote:
Faram wrote:
Pcm979 wrote:Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.
Then you are vulnerable.
How many fucking times do I have to tell you? I did the test. I'm safe.
Did you click on the spoofing thing? I'm using Firefox 1.0, and I clicked on the Citibank web site. Then, on the Citibank web site, I clicked on the consumer alert graphic, and I got the Secunia warning. Firefox 1.0 is not safe from the security hole.

Posted: 2004-12-10 12:26am
by Pcm979
Argh! I am not stupid! I DID THE TEST! 3 TIMES! I AM SAFE!