Hot on the heels of an exploit which allowed Javascript popups to appear in front of another site, Neowin has learned of another, potentially more dangerous, use for the script.
The latest problem, reported to us by Neowin user flanderssoft, centres around the ability to refresh a page other than the one currently open - if that page has loaded a popup in the first place. It would allow visitors clicking on a malicious link to Hotmail to initially be served with the correct page, before being transferred seconds later to one which looks identical on another server. If the URLs were similar, it's likely many users wouldn't notice the change.
The exploit sample below only works on IE: however, tests seem to suggest it may work on other browsers. The only reason it doesn't in this case is the use of an unusual extension (.srf) throwing them off.
It's likely this exploit, like the previous one, may not be patched; many sites use this ability in a legitimate way to refresh a page after a link in another window is clicked. Therefore the only way to avoid it is, as always, to not click suspicious links - or to disable Javascript.
View: Sample exploit
-1 Comments - Add comment