Multiple Browsers Popup Window Hijack Vulnerability
It seems that many browsers, including Mozilla, Firefox, Opera, and of course Internet Explorer are vulnerable to having a javascript pop-up window being hijacked.
This means that if you go to a site you know well, and click on a link to create a popup window, that an attacker could hijack that window and take it over.
An example is given on a research site that appears to hijack a javascript popup window from the Citibank site. It should be noted that for this to happen, the exact name of the popup window is needed by the attacker.
You have to have javascript enabled for you to become vulnerable to this problem, which of course means that you can avoid this problem until it is fixed by disabling javascript unless it is specifically needed - however, these types of popup windows will not be able to be activated with javascript turned off.
“Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to “hi-jack” a named browser window, regardless of which web site is the true “owner” of the window.”
Leave a comment ...
There may be a delay in displaying comments, which are moderated due to spammer abuse. Apologies; I appreciate your participation and your comment will be reviewed as soon as possible. Posters must be 18 or older | Privacy Policy
