FreeBSD 641859E8-ECA1-11D8-B913-000C41E2CDAD
Aug 11, 2004 - 12:00 a.m.

Multiple browser frame injection vulnerability

2004-08-11 00:00:00
vuxml.freebsd.org

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.013 Low (percentile 85.8%)

A class of bugs affecting many web browsers in the same way
was discovered. A Secunia advisory reports:

The problem is that the browsers don’t check if a target
frame belongs to a website containing a malicious link,
which therefore doesn’t prevent one browser window from
loading content in a named frame in another window.
Successful exploitation allows a malicious website to load
arbitrary content in an arbitrary frame in another browser
window owned by e.g. a trusted site.

A KDE Security Advisory reports:

A malicious website could abuse Konqueror to insert
its own frames into the page of an otherwise trusted
website. As a result the user may unknowingly send
confidential information intended for the trusted website
to the malicious website.

Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.
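The missing check described in the Secunia quote can be modelled in a few lines. This is an added example, not code from the advisory or from any browser; the context model, the function names and the `trusted.example` / `other.example` origins are assumptions made for illustration, and the checked variant is a simplified ancestor-origin policy rather than any vendor's actual fix.

```javascript
// Simplified model (assumption): a browsing context is
// { name, origin, parent, children }. Top-level windows have parent === null.
function makeContext(name, origin, parent = null) {
  const ctx = { name, origin, parent, children: [] };
  if (parent) parent.children.push(ctx);
  return ctx;
}

// Depth-first search for a frame by name across every open window.
function findByName(windows, name) {
  const stack = [...windows];
  while (stack.length) {
    const ctx = stack.pop();
    if (ctx.name === name) return ctx;
    stack.push(...ctx.children);
  }
  return null;
}

// Behaviour the advisory describes: the target is resolved by name only.
// `source` is deliberately ignored, which is the defect.
function resolveTargetUnchecked(windows, source, name) {
  return findByName(windows, name);
}

// Checked variant: the source may navigate the target only if it shares an
// origin with the target itself or with one of the target's ancestors.
function mayNavigate(source, target) {
  for (let ctx = target; ctx; ctx = ctx.parent) {
    if (ctx.origin === source.origin) return true;
  }
  return false;
}

function resolveTargetChecked(windows, source, name) {
  const target = findByName(windows, name);
  return target && mayNavigate(source, target) ? target : null;
}

// Constructed sample: a trusted window embedding a third-party frame named
// "content", and an unrelated window open at the same time.
const trusted = makeContext("", "https://trusted.example");
const contentFrame = makeContext("content", "https://cdn.example", trusted);
const other = makeContext("", "https://other.example");
const openWindows = [trusted, other];
```

With the checked resolver, a link in the unrelated window that names `content` resolves to nothing, while the trusted page can still navigate the frame it embeds.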
