Language Selection

English French German Italian Portuguese Spanish

Pop-up vulnerability found in major browsers

Filed under
Security

Several popular Web browsers contain a vulnerability that could be used by cybercriminals to steal personal data, security company Secunia has warned.

The flaw would allow a phishing attack in which a malicious JavaScript pop-up window appeared in front of a trusted Web site, Secunia said in an alert published Tuesday. This could trick a surfer into revealing data such as a password.

"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open--for example, a prompt dialog box--which appears to be from a trusted site," said Secunia's advisory.

According to Secunia, the latest versions of Internet Explorer, Internet Explorer for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino are all vulnerable. Opera 7 and 8 are affected, but not 8.01, according to Opera.

To take advantage of the flaw, a cybercriminal would have to direct a Web user from a malicious site to a genuine, trusted site such as an online bank, in a new browser window. The malicious site would then open a JavaScript dialog box in front of the trusted Web site, and a user might then be fooled into sending personal information back to the malicious site.

Microsoft has said it is investigating Secunia's claims. It encouraged surfers not to trust pop-up windows that don't include an address bar or a lock icon that verifies that it came from a certified source.

Mozilla Firefox developers have already been making moves to combat this kind of phishing attack. Back in April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites. Mozilla wasn't immediately available to comment on Secunia's claims.

Opera confirmed Wednesday that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.

"Once these things are discovered, there's a rush as everyone tries to fix the problem," Christen Krogh, Opera's vice president of engineering, told ZDNet UK.

Krogh also pointed out that Secunia had rated the vulnerability as "less critical."

"This could fool some users into giving out some data to a site that wouldn't otherwise be able to get that information. But it doesn't seem like the most important issue," Krogh said.

By Graeme Wearden
ZDNet UK

More in Tux Machines

Airdroid - Transfer Files Between Android Phones/Tablets and Linux (Any Distribution)


airdroid transfer file between android phone/tablet and linux mint ubuntu

We often need to transfer large amount data in the form of mp3 Songs, Video Songs, Movies and most importantly, large Games! Transferring via USB cable takes time, so let's do it with 'Airdroid' easily and quickly.
 
 
 
 
 
 

Read at LinuxAndUbuntu

Don't Use Ubuntu, Use Mint - or elementary

Tech Drive-in today listed seven reasons he prefers elementary OS over Ubuntu. Despite all that, Michael Larabel today reported on the improved performance of Ubuntu 15.04 on newer machines. Read more

7 reasons why I prefer elementary OS Freya over Ubuntu 14.10 "Utopic Unicorn"

When we laid out our featured article on things you need to do after installing Ubuntu 14.10, we shared a few little issues we have had with the latest Ubuntu release. Well things got worse, and I decided to try something else for a change. I've been using elementary OS Freya as my daily driver since then. And I have to say, I'm mighty impressed so far. And the fact that Freya is still very much in beta makes the whole affair all the more interesting. A list of reasons why I prefer elementary OS Freya over Ubuntu 14.10 at the moment. Read more

Don't Use Ubuntu, Use Mint - or elementary

The top story today continued to be the GHOST vulnerability covered last night, probably because the name lends itself to cute headlines - most with a twist on "Ghost in the Machine." But elsewhere, the How-To-Geek said today that new users should stick to Linux Mint instead of Ubuntu. He's not the only one, Tech Drive-in today listed seven reasons he prefers elementary OS over Ubuntu. Despite all that, Michael Larabel today reported on the improved performance of Ubuntu 15.04 on newer machines. Read more