`Date: Thu, 18 Feb 1999 10:36:49 PST
From: Robert Thomas <[email protected]>
To: [email protected]
Subject: Re: Netscape Communicator window spoofing bug
-Junk deleted-
This was reported back in the November, December time frame by
secureexperts.com as a frame spoof bug. MS came up with a lame patch
for IE (that didn't work for all cases BTW). The solution to this was
provided to a US Government Agency by a contractor. The agency has a
high public trust and visibility and this was a concern. Any questions
can be addressed to [email protected]. The consultant came up with the
following:
The page being called up in the window, i.e. the page
to be protected, should contain the following (frames or not):
<SCRIPT LANGUAGE="JavaScript">
<!--
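// Install the global error hook before the first check runs: in the original
// order the first checkMyFrames() call executed before onerror was assigned,
// so an exception raised there (e.g. a frame whose location cannot be read)
// aborted the script before the handler was ever installed.
onerror = ErrorHandler;
checkMyFramesMulti();

// window.onerror hook. Any uncaught script error on this page is treated as
// evidence of tampering and handed to spoofDetected. Returning true tells the
// browser the error has been handled (suppresses its default error reporting).
//   errorMessage - error text supplied by the browser
//   url          - URL of the document/script that raised the error
//   line         - line number reported by the browser
function ErrorHandler(errorMessage, url, line)
{
  spoofDetected(" Error message: " + errorMessage + "\n Line number: " + line, "TOP", url);
  return true;
}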
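// Run checkMyFrames() now and re-arm itself every 15 seconds for the lifetime
// of the page. A function reference is passed to setTimeout instead of a code
// string, so the periodic call does not go through the string-eval path.
function checkMyFramesMulti()
{
  checkMyFrames();
  setTimeout(checkMyFramesMulti, 15000);
}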
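// Entry point for a framed page's onUnload (parent.checkMe()): re-checks the
// frame set 3 seconds later, presumably so the frame's replacement document
// has loaded by then. A function reference is passed to setTimeout instead of
// a code string, avoiding the string-eval path.
function checkMe()
{
  setTimeout(checkMyFrames, 3000);
}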
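// Verify that the top window and every direct child frame are still loaded
// from an allowed URL (see urlOk) and hand anything else to spoofDetected.
// On Netscape 3+ a non-null opener is also reported, presumably because a
// protected page is not expected to have been opened by another window.
// NOTE(review): reading frames[i].location.href for a frame from another
// origin may throw in the browser; such an exception is not caught here and
// reaches the page's global onerror hook instead.
function checkMyFrames()
{
  var browsername = navigator.appName;
  var browserversion = parseInt(navigator.appVersion, 10);
  var frameUrl;
  var numFrames;
  var i;

  if (browsername === "Netscape" && browserversion >= 3 && self.opener != null)
  {
    spoofDetected(" OPENER NOT NULL!!", "TOP", "self.opener");
  }

  // The top-level document itself.
  frameUrl = location.href;
  if (urlOk(frameUrl) === "false")
  {
    spoofDetected(" Top is bad!!", "TOP", frameUrl);
  }

  // Each direct child frame; the frame index is passed as the "frm" argument.
  numFrames = self.frames.length;
  for (i = 0; i < numFrames; i++)
  {
    frameUrl = self.frames[i].location.href;
    if (urlOk(frameUrl) === "false")
    {
      spoofDetected(" This frame is bad!!", i, frameUrl);
    }
  }
}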
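// Decide whether frameUrl is one of the allowed locations served by
// getAuthInfo(). Returns the string "true" or "false" (callers compare the
// string, so the return type is kept).
//
// The original test was a bare prefix match (frameUrl.indexOf(Url) == 0).
// That accepts any URL that merely begins with an allowed entry, e.g. an
// entry without a trailing slash would also match a longer host name or a
// longer file name built on the same prefix. The match is therefore only
// accepted when the allowed entry is followed by a path, query or fragment
// delimiter, or is the whole URL.
function urlOk(frameUrl)
{
  var thismany = parseInt(getAuthInfoNum(), 10);
  var itsok = "false";
  var Url;
  var nextChar;
  var i;

  for (i = 0; i < thismany; i++)
  {
    Url = getAuthInfo(i);
    if (frameUrl.indexOf(Url) === 0)
    {
      // Character right after the matched prefix; "" when frameUrl === Url.
      nextChar = frameUrl.charAt(Url.length);
      if (nextChar === "" || nextChar === "/" || nextChar === "?" || nextChar === "#")
      {
        itsok = "true";
      }
    }
  }
  return itsok;
}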
// Reaction to a detected spoof: on Netscape 3+ sever the link to any opener
// window, then send the whole frame set to the error page.
//   msg    - description of what was detected (not used by this function)
//   frm    - "TOP" or the index of the offending frame (not used here)
//   theUrl - the offending URL or expression (not used here)
function spoofDetected(msg, frm, theUrl)
{
  var isNetscape3Plus = (navigator.appName == "Netscape") &&
                        (parseInt(navigator.appVersion) >= 3);

  if (isNetscape3Plus && self.opener != null)
  {
    self.opener = null;
  }

  // spoofpage.html is an error page that gets pulled up on
  // detection of an error.
  top.location.href = "spoofpage.html";
}
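// Allowlist lookup used by urlOk(): returns the whichone-th (0-based) URL a
// protected frame may be loaded from, or undefined when whichone is out of
// range. The number of entries is reported by getAuthInfoNum().
// The last entry was split across two lines by mail wrapping in the original
// ("main.ht" / "ml'"), which is a syntax error as pasted; it is rejoined here.
function getAuthInfo(whichone) {
  var legalUrls = [
    'http://www.agency.gov',
    'http://www.agency.gov/left.html',
    'http://www.agency.gov/top.html',
    'http://www.agency.gov/main.html'
  ];
  return legalUrls[whichone];
}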
// Number of entries in the allowlist served by getAuthInfo(); urlOk() uses
// it as its loop bound. Must be kept in step with that list by hand.
function getAuthInfoNum() {
  var entryCount = 4;
  return entryCount;
}
// -->
</SCRIPT>
In the framed page, add the onUnload handler:
<BODY BGCOLOR="#FFFFFF" onUnload="parent.checkMe()">
`