I tried this on FireFox .9.3 and nothing happened, I didn't understand the test. Apparently it's *ONLY* when you use *tabs*, which I don't. Maybe that's why it did nothing. -Clint
God Bless Clint Hamilton, Owner http://OrpheusComputing.com ----- Original Message ----- From: "Roger" <[EMAIL PROTECTED]> I checked this one out and have installed Mozilla 1.7.3 which seems to have fixed that one. Roger ----- Original Message ----- From: "Support-OrpheusComputing.com" > TITLE: > Mozilla / Mozilla Firefox / Camino Tabbed Browsing Vulnerabilities > > SECUNIA ADVISORY ID: > SA12712 > > VERIFY ADVISORY: > http://secunia.com/advisories/12712/ > > CRITICAL: > Less critical > > IMPACT: > Spoofing > > WHERE: > >From remote > > SOFTWARE: > Mozilla Firefox 0.x > http://secunia.com/product/3256/ > Camino 0.x > http://secunia.com/product/3804/ > Mozilla 1.7.x > http://secunia.com/product/3691/ > > DESCRIPTION: > Secunia Research has discovered two vulnerabilities in Mozilla, > Mozilla Firefox, and Camino, which can be exploited by malicious web > sites to obtain sensitive information and spoof dialog boxes. > > 1) Inactive tabs can launch dialog boxes so they appear to be > displayed by a web site in another tab. This can be exploited by a > malicious web site to show a dialog box, which seems to originate > from a trusted web site. > > Successful exploitation would normally require that a user is tricked > into opening a link from a malicious web site to a trusted web site in > a new tab. > > A test is available here: > http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ > > The vulnerability has been confirmed in the following versions: > * Mozilla 1.7.2 and 1.7.3 > * Mozilla Firefox 0.10.1 > * Camino 0.8 > > 2) Inactive tabs can gain focus from form fields on web sites in > another tab. This can potentially be exploited to collect sensitive > data entered in form fields on other web sites. > > Successful exploitation would normally require that a user is tricked > into opening a link from a malicious web site to a trusted web site in > a new tab. > > A test is available here: > http://secunia.com/multiple_browsers_form_field_focus_test/ > > The vulnerability has been confirmed in the following versions: > * Mozilla 1.7.2 and 1.7.3 > * Mozilla Firefox 0.10.1 > > Other versions may also be vulnerable. > > SOLUTION: > Don't visit trusted web sites while visiting untrusted web sites or > disable JavaScript. ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
