Tabbed Browser Spoofing Tests..

[MrLinus]

Secunia released a listing of bugs that affects a variety of tabbed browsers. Check out their site to see the POC in action. I can see a variety of phishes coming out of this along with other potentials (e.g., have a link to AO and use the option to popup a "log in" javascript box).

[KorpDeath]

Well, here's a test to see how concerned Mozilla is with security.... Guess we'll have to wait and see how long it takes, again.

Thanks for the headds up. I guess I should bookmark that site one of these days... hehe

[kurt_der_koenig]

umm.Always wondered about this..I noticed in Mozilla, if I have one tab open with Hotmail and one with AO that hotmail will start to copy my logon name from AO. Along with Korpdeath, Thanx for the heads up!

[Maverick811]

Interesting...

Tested my browser (Firefox 1.0), and I'm vulnerable as expected. Does anyone know if the malicious website triggering this vuln. would have any way of knowing what site you 'thought' you were feeding data to?

[DemonicKn1ght]

There is an extension for Firefox called Spoofstick, which displays the host of the site (or something like that) just below your nav bar in a customizable color and size. I'm not sure if that would exactly help with this, but it certainly helps with other phishing scams like spoofed sites.

[bquine]

I read over at the Opera forums that they will be addressing this in the 7.6 release. Couldn't find an ETA on it though. Cheers MsMittens.

[hypronix]

The location of the JS script cannot be shown by Spoofstick.

However for Firefox users I can only recommend to be careful when new JS windows show up... click cancel then investigate the source code on the originating webpage, and make sure you don't actually get redirected through other pages that might contain this code.

Thanks for the heads up MsM.