PDA

View Full Version : Alternete Browser users, Read this

Mark Miller
10-22-2004, 10:36 PM
Just when you thought life was good with tabbed browsing, out comes this article
http://www.internetnews.com/security/article.php/3424491
Figures
Mark :eek:
PrntRhd
10-22-2004, 10:42 PM
Yeah,
it is moderate, not critical flaw. Mozilla teams are working on a fix.
Back at MS they have a IE 6.0-SP2 problem with security zones.
Mark Miller
10-22-2004, 10:49 PM
Hi PrntRhd,
I looked all over the mozilla forums and saw nothing on it.
I am not worried about it but it goes to show that security is not just a Ms problem.
Me and Jab will remind Bill at lunch next week
Also was reading on Sp3 or some such thing next year and they may even charge for it [the nerve]
Mark
Paul Komski
10-23-2004, 05:46 AM
It's a quite interesting discovery but a pretty convoluted security liability. If you try out the two demos in IE but open the links in a new window rather than in a new tab you will get the same/similar effects with the focus being retained by the form in the referring web page. So in that sense I don't see this as a specific alternate browser vulnerability related to tabbed browsing at all.

For the spoof to work you would have to first be hijacked to somewhere you didnt intend to go, then enter sensitive information (noting that it wasn't being correctly entered) and then go back and send the data from the spoof form. Perhaps it could be made to fool some people so worth examining but I'm not shivering in my shoes about this one.
rwba13572
10-23-2004, 02:44 PM
I am using SlimBrowser, it is not in the list of browsers at risk. I think this is the best around at the moment. Try it at http://www.flashpeak.com/
PrntRhd
10-23-2004, 02:59 PM
rwba13572,
The Slimbrowser is an IE-based customized browser, not the alternate browsers being discussed in this thread. It has many of the IE security issues but with popup control, sort of like AOL's browser (also IE based).

SlimBrowser is a tabbed, IE based browser thatallows you to surf multiple sites at once.
pip22
11-09-2004, 05:13 AM
Hi PrntRhd,
Also was reading on Sp3 or some such thing next year and they may even charge for it [the nerve]
Mark

Well if they do charge for it they could actually be doing us a favour - less people will get it so less people will have major headaches with it!
Devilfish
11-10-2004, 07:00 PM
Any of you tried Avant beats ms
PrntRhd
11-10-2004, 07:36 PM
Any of you tried Avant beats ms
Avant is another customized IE browser add-on, not a different browser.