Vulnerability Affects Firefox and IE, New and Old

By Slimy
in Back Page News

 Share

Recommended Posts

Grand Master

Slimy

Posted
Posted
A newly discovered vulnerability, which the CTO of security services firm Secunia described this morning as affecting Internet Explorer 7.0, can also affect not only IE6 but Firefox versions 1.5 and 2.0, as observed by BetaNews in our own tests.

The vulnerability can become an easy exploit, and has actually been an annoyance for developers for years: Essentially, code within a Web page has the capability to address new popup windows as they appear, by means of a JavaScript trigger. If the event that code is executed prior to the code for the popup window's own page, it can effectively pre-empt the popup window's content, substituting its own.

If a popup blocker is enabled, the exploit should theoretically be disabled. However, if popup blocking is turned off, or if a malicious page is open in one browser window while an "exception site" -- a page where popups are allowed -- resides in another, the exploit is still feasible.

BetaNews was able to trigger the exploit not only for both Internet Explorer versions 6 and 7, but also Firefox versions 1.5 and 2.0, in the latter case when such exception sites were open along with the Secunia test page.

In fact, on one system, we were able to trigger the exploit in Firefox 1.5 with popup blocking turned on.

While the vulnerability apparently remains an annoyance across the board, Secunia's message this morning was oriented specifically toward IE7. "A vigilant user has been testing IE7," Secunia reported, "and found that it actually is vulnerable in a default configuration to the 'Window Injection Vulnerability."'

Years ago, when the vulnerability was first discovered, Microsoft created a security setting for IE6, which is accessible from the Internet Options control panel. Specifically, this can be accessed from the Security tab: Click Custom Level, then from the Settings list, scroll down to find Navigate sub-frames across different domains, and below that, click the Disable option. As Secunia noted, on systems where IE7 is installed, this setting is now disabled by default.

On one Windows XP-based test system, where we left this setting disabled, IE7 passed the Secunia vulnerability test, both with popup blocking turned on and turned off. On another XP-based system, IE7 failed the Secunia test, but only when popup blocking was turned off. We don't know the reason yet. Also, in our Vista RC2-based Virtual PC environment, IE7 failed the Secunia test, regardless of the popup blocking setting.

Meanwhile, in BetaNews' test, Firefox 1.5 failed the Secunia test, both when popup blocking was engaged, as well as when the site which generated the popup was added to its list of allowed sites. All installations of Firefox 2.0 in Windows XP passed when popup blocking was engaged, though all failed when the popup generating site was made an exception. The only browser among the two brands and different versions to pass both tests was Firefox 2.0 in Vista RC2.

Though the page that testers see when a browser fails the test reports that the code within the page may as well have been malicious, questions could well be raised about that claim. Theoretically, even though the DOM (the document framework) for the popup was circumvented, the same type of restrictions that would apply to scripting on any other page, should apply to the popup as well.

Popup blocking in both Firefox and IE disable their appearance, not filter their content; therefore, disabling popup blocking should not disable filters as well.

A Secunia advisory from March 2005 records that the vulnerability was discovered in Firefox in December 2004, but that Mozilla released a patch for it, for use in Firefox 1.0.1, the following February. No follow-ups were added to the advisory since that time.

Source

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft confirms Windows 11 26H2, urges IT admins to prepare for release

      By Usama Jawad96 · Posted

      Microsoft confirms Windows 11 26H2, urges IT admins to prepare for release by Usama Jawad Windows 11 typically follows an annual update cycle, but Microsoft recently broke that tradition a bit by releasing a "26H1" version in the first half of this year as a "scoped" build for select new silicon PCs only. This version was not available for customers using 24H2 and 25H2 builds, as Microsoft is busy preparing version 26H2 for them, confirmed officially for the first time. In a Windows IT Pro blog, Microsoft has urged IT admins to prepare for the upcoming release of Windows 11 version 26H2. The company has confirmed that this will be a small enablement package (eKB) that will simply light up certain disabled features that are already present in the operating system's code base. This means that the "refined" Windows update and deployment experience will be simpler and quicker, with minimal disruptions, as the feature update will simply toggle a few flags rather than performing a complete replacement. Microsoft has explained that this is all possible because the standard Windows 11 releases share the same servicing branch and hence, the same source code. However, this also means that Windows 11 26H1 users won't be able to upgrade to 26H2 as that is a different branch, but this is something we have known for a while now. Similar to previous annual feature updates, Windows 11 26H2 will offer the following support cycles: 24 months of support for Home, Pro, Pro EDU, and Pro for Workstations editions 36 months of support for Enterprise, Education, IoT Enterprise, and Enterprise Multi-session editions Microsoft has not confirmed a concrete release date for Windows 11 26H2, but noted that it is "coming soon". If we go by the ongoing release cadence, we can expect it to begin rolling out in early October 2026. As such, IT admins have been encouraged to begin validating Windows Insider releases in the Experimental Channel, plan rollout rings, and strategize the utilization of their existing deployment tools.
    • Windows 11 gets new audio improvements in the latest builds

      By TarasBuria · Posted

      Windows 11 gets new audio improvements in the latest builds by Taras Buria Today's Experimental builds (26H1 and Future Platforms, formerly Canary) pack several audio-related improvements. If your device is enrolled in the Experimental Channel (26H1), you can download build 28120.2315, while those in the Future Platforms version have build 29613.1000 to try. Here is what is new in build 29613.1000: [Audio] Following up on our previous improvements, we’re making some more adjustments to Settings > System > Sounds based on your feedback. Namely, we’ve updated the “All sound devices” page so: You now have the ability to change default devices from this page. Each of the devices displayed on this page now has a little volume meter next to it to show if there is audio actively playing. We’ve adjusted the page design slightly so now you can filter whether you’re viewing input or output devices. We’ve added toggles so you can choose if you want to hide or show disabled, disconnected, and unplugged devices on this page. We’ve also updated the input and output audio properties page for devices in Settings to now include jack information for those that need it. And here is the changelog for build 28120.2315: This update includes a small number of minor bug fixes and improvements. [Accessibility] This update improves caption style responsiveness by redrawing captions immediately for caption style changes. If no current caption is visible, a sample caption string is displayed. [Audio] This update improves the reliability of the inbox HD Audio driver. You can find the official release notes for build 28120.2315 here and for build 29613.1000 here.
    • Google is opening the world's first AI museum in Los Angeles

      By sphbecker · Posted

      I agree with what I think you are saying, just not in the way you are saying it. Like any tool, the amount it represents your work is perorational to the effort you put into it. It is similar to why 2nd grade math students learning to add and subtract are not allowed to use calculators, but a high-school calculous student is. For the 2nd grader, that tool would completely replace the work they are doing, for the calculous student the same tool allows them to work far more effectively while in no way replacing their effort or knowable. If you spend 30 seconds writing a prompt, then the image that comes out is no more "yours" than if you found the same image with a Google Image search. However, many of these generative tools also support highly iterative processes that allow back and forth, and merging generated images with photos or human created images. I am sure you would agree that a human spending hours of time working on a project, even if AI was involved in the process, still reflects that human's work.
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By TarasBuria · Posted

      Windows 11 version 26H2 is now available for testing in the latest preview build by Taras Buria Friday Windows 11 preview builds are here. Insiders in the Experimental (formerly Dev) and Beta Channel can download builds 26300.8697 and 26220.8690. There are no new features, but Microsoft is officially moving the Experimental Channel to version 26H2. In addition, Microsoft is improving the copy dialog in File Explorer, the Start menu reliability, and fixing virtualization issues. Here is the changelog: [General] With today’s build, Windows Insiders in the Experimental channel will see the versioning updated under Settings > System > About (and winver) to version 26H2. For more information, see the Windows Insiders blog. [File Explorer] We’ve improved the visual consistency and reliability of the Copy dialog in Dark mode, including its launch experience and the expanded progress view. [Start menu] - Also available in Beta Improved reliability of Start menu reflecting newly installed or removed apps without requiring sign-out or restart. [Taskbar] Fixed an issue for Insiders using the new smaller taskbar option, where the system tray might get cut off or pushed off screen. [Settings] - Also available in Beta Improved reliability of Settings > Apps > Startup. [Virtualization] - Also available in Beta This update addresses an issue that could result in bugchecks citing HYPERVISOR_ERROR (0x20001) and KMODE_EXCEPTION_NOT_HANDLED (0x1E) errors after installing the latest flights on some devices during system restarts, virtual machine operations, or while running some gaming applications. You can find the official changelog for the Experimental build here and for the Beta build here.
    • We now know when and how the Universe may truly end

      By sphbecker · Posted

      I've always preferred this possibility. There is something that feels good about the idea that all matter in the universe will eventually come back together and maybe even result in another big bang. The idea that the universe would fizzle out over the eons and forever drift apart is a little depressing. I realize it is not logical to let a basic human desire for life to have a grand everlasting meaning change the way I feel about a scientific theory, but I am human, so that is how I feel :-).

  • Recent Achievements

    • Collaborator
      ryansurfer98 went up a rank
      Collaborator
    • Week One Done
      Eurosoft10 earned a badge
      Week One Done
    • One Month Later
      Eurosoft10 earned a badge
      One Month Later
    • One Year In
      Skeet Campbell earned a badge
      One Year In
    • One Month Later
      Sharbel earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      574
    2. 2
      +Edouard
      188
    3. 3
      Michael Scrip
      77
    4. 4
      PsYcHoKiLLa
      76
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!