Velocity Reviews - Computer Hardware Reviews

Phishing with Firefox!

 
 
Reg Mouatt
Guest
Posts: n/a
 
      11-03-2004
Food for thought - spotted this on:
http://www.theregister.co.uk/2004/11...bbed_browsers/

Secunia issued a security report detailing how most major web browsers
with the tabbed browsing feature were vulnerable to two different
vulnerabilities.

First, the browsers. Recognize any you use?

* Mozilla 1.7.3
* Mozilla Firefox 0.10.1
* Camino 0.8
* Opera 7.54
* Konqueror 3.2.2-6
* Netscape 7.2
* Avant Browser 9.02 build 101 and 10.0 build 029
* Maxthon (MyIE2) 1.1.039


Now, the vulnerabilities. One of them is pretty clever, and one of
them, I think, is a bit overstated, but I'll explain that in a second.

1. You have a couple of different websites open in a couple of
tabs. You open another tab and head over to a trusted website, like
PayPal's. You're on the PayPal site, when suddenly a dialog box opens,
apparently from PayPal, and asks you to enter your password and your
credit card info, "for verification purposes". You do so and keep
using the PayPal site, never realizing that it was not the PayPal tab
that spawned that dialog box, but a web site on a different, inactive
tab. To see what I'm talking about, open the demo site at Secunia with
an affected browser and follow the instructions. Very clever.

There are two problems here. First, the browser doesn't easily
keep the user informed as to which tab is responsible for the dialog
box. That's an easy fix. Second, the browser shouldn't allow inactive
tabs to spawn dialog boxes in the first place. Another easy fix. But
still - not good. Clearly, none of the organizations creating these
browsers ever envisioned such an attack. Of course, this attack will
only work if you're already on a shady web site to begin with, and if
that site knows you've gone to a site that it knows you trust, like
PayPal. As Secunia itself points out, for this sneaky stunt to work it
would "normally require that a user is tricked into opening a link
from a malicious web site to a trusted web site in a new tab".
Clearly, the likelihood of that string of events is pretty small. But
it's still clever, and it would undoubtedly get a lot of folks in
trouble if they somehow had both the "bad" and the "good" sites open
at the same time in separate tabs.

2. The second vulnerability strikes me as even less likely, but
perhaps I'm wrong. Let's say you have a couple of different web sites
open in a couple of tabs. You open another tab and head over to a
trusted website, like PayPal's. You type in your username and
password, but nothing shows up. You type it again. Still nothing.
Assuming that PayPal's site is temporarily borked, you close the tab
and continue on your merry way. Little do you know that everything you
typed actually went into a form on a site found on one of your other
tabs. If you want to see this in action, Secunia has a demo site up
for this one as well.

Reg
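
As an added example (not part of the original post, and not any browser's real code), the two fixes the post describes for the dialog issue, plus a focus rule for the second issue, can be modelled in a toy tab manager. The class, method names and origins below are constructed for illustration.

```javascript
// Toy model of a tabbed browser (constructed; not any real browser's API).
class TabbedBrowser {
  constructor() {
    this.tabs = [];    // each tab: { origin, pendingDialogs: [] }
    this.active = -1;  // index of the tab the user is looking at
    this.shown = [];   // dialogs actually displayed, in order
  }

  openTab(origin) {
    this.tabs.push({ origin, pendingDialogs: [] });
    return this.activate(this.tabs.length - 1);
  }

  // Switching tabs releases dialogs the newly active tab queued earlier.
  activate(id) {
    this.active = id;
    const tab = this.tabs[id];
    while (tab.pendingDialogs.length > 0) this.display(tab, tab.pendingDialogs.shift());
    return id;
  }

  // Fix 1: every dialog names the origin of the tab that raised it.
  display(tab, message) {
    this.shown.push(`[${tab.origin}] ${message}`);
  }

  // Fix 2: a background tab cannot put a dialog over the active tab; it is deferred.
  requestDialog(id, message) {
    const tab = this.tabs[id];
    if (id !== this.active) { tab.pendingDialogs.push(message); return "deferred"; }
    this.display(tab, message);
    return "shown";
  }

  // Second issue: only the active tab may take keyboard focus.
  requestFocus(id) {
    return id === this.active;
  }
}

function demo() {
  const b = new TabbedBrowser();
  const other = b.openTab("https://other.example");  // constructed origins
  b.openTab("https://trusted.example");              // now the active tab
  const first = b.requestDialog(other, "Please verify your details");
  const focus = b.requestFocus(other);
  const shownWhileTrustedActive = b.shown.length;
  b.activate(other);                                 // user switches tabs
  return { first, focus, shownWhileTrustedActive, shown: b.shown };
}
```

The deferred dialog appears only once the user switches to the tab that raised it, and it carries that tab's origin in its label.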