Tabbed Browsing Flaws Detected

KingFish

Tabbed browsing, one of the more popular features built into alternative Web browsers, contains a security flaw that puts users at risk of spoofing attacks, research firm Secunia warned on Wednesday.

Secunia released an advisory detailing the flaws, which affect users of Mozilla, Mozilla Firefox, Netscape, Opera, Camino, Konqueror, Avant Browser and Maxthon (MyIE2). The flaws target the tabbed browsing feature, which lets surfers view multiple Web sites in a single browser session. According to Secunia, the first bug makes it possible for an inactive tab to spawn dialog boxes even if the user is viewing a different Web site in another tab.

Source: Internet News

Thrax

And here it comes, the flood of viruses, hacks and bugs in alternative browsers as people begin to exploit popularity.

Linc

If you read closely, it effects Firefox 0.10.1

Does anyone use versions of Firefox that outdated?

entropy

Those tests are interesting. The one with the dialogue box is kinda dumb, but the other one is definitely something to worry about.

I'm mostly a Maxthon guy (slowly converting to Firefox after finding the pipelining speed hacks or whatever you want to call them) and haven't had a problem with it until now. This is something to be wary of, though, that's for sure.

Rewired

General Keebler, this bug does infact affect Firefox 1.0 PR. Which is the version of Firefox most people use. Try it out for youself with the URL below.

[url=]http://secunia.com/multiple_browsers_dialog_box_spoofing_test[/url]

Nosferatu

To clarify, Firefox 0.10.1 is the latest version of Firefox 1.0 PR.

Linc

My head hurts... clearly I'm not understanding how Mozilla is numbering its versions...

They decided to keep numbering in decimal even after releasing 1.0? Why? Assuming normal decimal rules, I thought .10 < .9

Sputnik

doesn't work that way with version numbering keebs.... 10>9 yes? ok, then 1.10 is newer than 1.9.... since firefox is beta it's as if it's 0.10