Home page logo
/

bugtraq logo Bugtraq mailing list archives

Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)
From: john.courcoul () mac com
Date: Thu, 26 Aug 2004 09:51:17 -0500

Didn't think I'd ever get the chance to report some form of vulnerability,  but I did. Minor, granted, but a bug 
nonetheless.

Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set up for tabbed browsing, on a MacOS X 10.3.5 
platform with all the latest patches. Open Andy Cuff's "radar" page in the first tab: it sets up two scrolling displays 
(Security News and Vulnerabilities) on the left side of the window and a date ticker in the middle, under  "Operational 
Picture". Open a new tab, which should be completely independent and allow you to browse another site without 
interference. Not a chance: the scrolling displays and the date ticker promptly highjack the new pane and display their 
info on it, on top of any page you should happen to load there. And the scrollers are "live" in whatever tab they have 
highjacked: click on any of the items they are displaying, and the corresponding page gets loaded on the highjacked 
tab, NOT on the original "radar" tab. Only until you close the "radar" tab do the scrollers and ticker go away in all 
other tabs.

Works the other way around too: create a bunch of tabs and load all sorts of different sites on them. On the very last 
tab, open Andy's page. It promptly takes over all tabs and splashes the scrollers and ticker all over the place.

In this case, just a nuisance, but might conceivably be misused. Since this information is placed on top of the 
highjacked tabs,  and will cause a new page to load on that tab, a carefully crafted scroller or ticker could misdirect 
a user trying to do banking on a tab to be redirected to a hostile server elsewhere (i.e., carefully place the scroller 
on top of the "submit" button, tell the user that the operation failed and get them to retype their private info.)

Could this be classified as "phishing" ?

J. Courcoul

Andy Cuff wrote:

Hi All,
As a great believer in being able to track emerging vulnerabilities with
minimal effort, I have created another "Alert State" image.
http://securitywizardry.com/radar.htm  However, I have tried to make it a
lot more granular dividing the image up into OS and Applications and
reducing the alert states to just 3. At present I'm tracking the
vulnerabilities myself, though I'm hoping some kind hearted vulnerability
alert service such as one of these http://securitywizardry.com/alert.htm
will offer to notify me when significant vulnerabilities occur that may
warrant a change in an enterprises CND posture. I hope you find it of use,
enjoy!

Advice, criticism, bitchin' etc welcomed as always

-andy cuff
Talisker's Computer Security Portal
Computer Network Defence Ltd
http://www.securitywizardry.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault