"Frame Injection" vulnerability that affects all browsers

by Antony

According to Secunia, an old vulnerability was discovered in multiple modern browsers, allowing malicious people to spoof the content of websites.

The problem is that the browsers don't check whether a target frame belongs to the website containing the malicious link, so nothing prevents one browser window from loading content into a named frame in another window.
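The missing check described above, as a small JavaScript model added here for illustration (not code from Secunia or from any browser). The window list, the `site.example` and `other.example` origins, the frame name `main` and the `checkOwner` rule are all assumptions.

```javascript
// Constructed model: two top-level windows; origins and frame name are made up.
function makeWindows() {
  return [
    { id: "site", origin: "https://site.example",
      frames: [{ name: "main", src: "https://site.example/home" }] },
    { id: "other", origin: "https://other.example", frames: [] },
  ];
}

// Look the frame name up across every open window, not just the caller's.
function findNamedFrame(allWindows, name) {
  for (const win of allWindows) {
    const frame = win.frames.find((f) => f.name === name);
    if (frame) return { win, frame };
  }
  return null;
}

// Follow a link in sourceWin that targets the frame called targetName.
// checkOwner = false: the behaviour described above (no ownership check).
// checkOwner = true: assumed check, the frame's window must share the
// origin of the window that contains the link.
function followTargetedLink(allWindows, sourceWin, targetName, url, checkOwner) {
  const hit = findNamedFrame(allWindows, targetName);
  if (!hit) return { navigated: false, reason: "no frame with that name" };
  if (checkOwner && hit.win.origin !== sourceWin.origin) {
    return { navigated: false, reason: "frame belongs to another site" };
  }
  hit.frame.src = url;
  return { navigated: true, reason: "ok" };
}

// Run the same cross-window link with and without the check.
function compare() {
  const url = "https://other.example/page";
  const unchecked = makeWindows();
  const a = followTargetedLink(unchecked, unchecked[1], "main", url, false);
  const checked = makeWindows();
  const b = followTargetedLink(checked, checked[1], "main", url, true);
  const c = followTargetedLink(checked, checked[0], "main",
    "https://site.example/news", true);
  return { a, b, c, uncheckedSrc: unchecked[0].frames[0].src,
    checkedSrc: checked[0].frames[0].src };
}

console.log(compare());
```

Without the check, the frame inside the `site.example` window ends up showing a page from `other.example` while the window itself still belongs to `site.example`; with the check, only the same-site link is followed.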

You can test your browser with these detailed instructions.

The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat
* Internet Explorer 5.01, 5.5, 6 for Windows.

Other versions might also be affected.

More information:
* Multiple Browsers Frame Injection Vulnerability
* Internet Explorer Frame Injection Vulnerability

Posted by Antony Shen on July 5, 2004 8:35 PM

