mailing list archives
Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)
From: Rishi Khan <rishi () udel edu>
Date: Fri, 27 Aug 2004 11:28:06 -0400
This is a known issue with Apples Java plugin ... not netscape or
It has to due with the plugin ignoring clipRect and NPWindow
On Aug 26, 2004, at 10:51 AM, john.courcoul () mac com wrote:
Didn't think I'd ever get the chance to report some form of
vulnerability, but I did. Minor, granted, but a bug nonetheless.
Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set
up for tabbed browsing, on a MacOS X 10.3.5 platform with all the
latest patches. Open Andy Cuff's "radar" page in the first tab: it
sets up two scrolling displays (Security News and Vulnerabilities) on
the left side of the window and a date ticker in the middle, under
"Operational Picture". Open a new tab, which should be completely
independent and allow you to browse another site without interference.
Not a chance: the scrolling displays and the date ticker promptly
highjack the new pane and display their info on it, on top of any page
you should happen to load there. And the scrollers are "live" in
whatever tab they have highjacked: click on any of the items they are
displaying, and the corresponding page gets loaded on the highjacked
tab, NOT on the original "radar" tab. Only until you close the "radar"
tab do the scrollers and ticker go away in all other tabs.
Works the other way around too: create a bunch of tabs and load all
sorts of different sites on them. On the very last tab, open Andy's
page. It promptly takes over all tabs and splashes the scrollers and
ticker all over the place.
In this case, just a nuisance, but might conceivably be misused. Since
this information is placed on top of the highjacked tabs, and will
cause a new page to load on that tab, a carefully crafted scroller or
ticker could misdirect a user trying to do banking on a tab to be
redirected to a hostile server elsewhere (i.e., carefully place the
scroller on top of the "submit" button, tell the user that the
operation failed and get them to retype their private info.)
Could this be classified as "phishing" ?
Andy Cuff wrote:
As a great believer in being able to track emerging vulnerabilities
minimal effort, I have created another "Alert State" image.
http://securitywizardry.com/radar.htm However, I have tried to make
lot more granular dividing the image up into OS and Applications and
reducing the alert states to just 3. At present I'm tracking the
vulnerabilities myself, though I'm hoping some kind hearted
alert service such as one of these
will offer to notify me when significant vulnerabilities occur that
warrant a change in an enterprises CND posture. I hope you find it of
Advice, criticism, bitchin' etc welcomed as always
Talisker's Computer Security Portal
Computer Network Defence Ltd