The Gaping Browser Hole

By | July 6, 2004

Sometimes security holes can be subtle rather than complex. Sidney Low of Aliencamel points out the vulnerability discovered by Secunia, called the Multiple Browsers Frame Injection Vulnerability.

It’s a fancy term for a simple enough trick, where the bad guy hijacks a frame in a legitimate webpage (a frame is one portion of a webpage which has been divided into sections). The result is that the overall page is kosher — including, crucially, the URL — but that one of the frames contained inside is not. In that frame, of course, the bad guy could do anything he likes, and the user is none the wiser.

The only way a user can tell, I think, is by right clicking on the frame content and seeing what URL it is coming from, but who does that?

This vulnerability, actually, is a variation on a vulnerability Secunia reported had been fixed in earlier versions of IE, but then created again in a recent version. The bad news is that the vulnerability is not only an IE also present in Opera, Safari, Netscape and Mozilla. I couldn’t get it to work in Firefox, interestingly. There’s a test you can perform here.

As Sydney says: “This one is quite worrying because it doesn’t need to do any URL masking. It simply exploits the fact that framesets will do the URL masking for the phisher.”

2 thoughts on “The Gaping Browser Hole

  1. treego14

    Opera no longer has this vulnerability as of 7/7/04. Get the new version 7.52.

    Opera is awesome! I love it! The best out there and the Suite of features is awesome!

    I can even use Opera IRC to chat with other IM protocols by using public servers of BitlBee.

    The keyboard shortcuts, mouse gestures, etc….. wow!

    39 minutes into the show … interview with Opera CEO: http://www.webtalkguys.com/

    Also,

    http://tntluoma.com/opera/lover/7/
    http://www.opera.com/features/
    http://nontroppo.org/wiki/WhyOpera

    Reply
  2. Pingback: MSN tests new blog, search features

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.