Multiple Browser Cross Tab Dialog Box Spoofing

2004-10-20T09:23:39
ID OSVDB:10983
Type osvdb
Reporter Jakob Balle (jb@secunia.com)
Modified 2004-10-20T09:23:39

Description

Vulnerability Description

Multiple web browsers contain a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker creates a specially crafted web page that causes an inactive tab or window to launch a dialog box that appears to come from a trusted source. This could disclose sensitive information, resulting in a loss of confidentiality.

Solution Description

Upgrades are currently available from these vendors to remediate this vulnerability:

KDE: Upgrade to version 3.3.1

A workaround is available for:

Mozilla Firefox, Netscape, Opera, Avant Browser, Safari, Maxthon, Internet Explorer for Mac

It is possible to correct the flaw by implementing the following workaround(s):

  1. Disable JavaScript
  2. Do not visit untrusted and trusted websites at the same time.

References:

Vendor URL: http://www.avantbrowser.com/
Vendor URL: http://www.opera.com/
Vendor URL: http://www.kde.org/
Vendor URL: http://www.mozilla.org
Vendor URL: http://www.apple.com/
Vendor URL: http://www.maxthon.com/en/
Security Tracker: 1011839, 1011841, 1011837, 1011836, 1011895, 1011834, 1011840, 1011922, 1012003, 1012002, 1011833, 1011835, 1011838
Secunia Advisory ID: 12713, 12714, 12892, 12920, 12982, 12983, 13002, 14714, 12712, 12966, 12731, 12717, 14709, 12706
Related OSVDB ID: 10984
RedHat RHSA: RHSA-2005:323
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0750.html
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123
Other Advisory URL: http://secunia.com/secunia_research/2004-10/
Keyword: MFSA 2005-05
ISS X-Force ID: 17788
CVE-2004-1381
CVE-2004-1380