<<< Date Index >>>     <<< Thread Index >>>

Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)



Might as well try and be useful with this and see what other Mac browsers get 
bitten by this bug. Do note that all my tests have been done on MacOS X 10.3.5, 
with the latest Java 1.4.2 Update 1 and Developer packages installed.

Netscape Navigator 7.2  -  Vulnerable (subject of the original mail)
Netscape Navigator 7.1  -  Vulnerable (buggy here too)
Netscape Navigator 7.0.2 -  NOT vulnerable (Amazing ! Ain't we supposed to be 
improving over time ?)

Mozilla 1.7.2                   -  Vulnerable (figures; Navigator 7.2 is based 
on this)
Firefox 0.9.3                   -  Vulnerable (Mozilla's kid brother, limps 
from same foot...)
Camino 0.8.1                    -  NOT vulnerable (some residue might appear on 
the next tab, but applet is inoperative)

Opera 7.5.4                     -  NOT vulnerable (does not have tabbed 
browsing)
iCab 2.9.8                              -  NOT vulnerable (plus, the page did 
not load correctly)
OmniWeb 5.0.1                   -  NOT vulnerable
MSIE 5.2.3                              -  NOT vulnerable (does not have tabbed 
browsing)

Interesting, how the bug crept into the Netscape/Mozilla codebase after 7.0.2 
and has remained there ever since. 

Cheers,

J. Courcoul

On Thursday, August 26, 2004, at 05:32PM, <john.courcoul@xxxxxxx> wrote:

>Didn't think I'd ever get the chance to report some form of vulnerability,  
>but I did. Minor, granted, but a bug nonetheless.
>
>Use the latest browser from Netscape, Gecko/20040804 Netscape/7.2, set up for 
>tabbed browsing, on a MacOS X 10.3.5 platform with all the latest patches. 
>Open Andy Cuff's "radar" page in the first tab: it sets up two scrolling 
>displays (Security News and Vulnerabilities) on the left side of the window 
>and a date ticker in the middle, under  "Operational Picture". Open a new tab, 
>which should be completely independent and allow you to browse another site 
>without interference. Not a chance: the scrolling displays and the date ticker 
>promptly highjack the new pane and display their info on it, on top of any 
>page you should happen to load there. And the scrollers are "live" in whatever 
>tab they have highjacked: click on any of the items they are displaying, and 
>the corresponding page gets loaded on the highjacked tab, NOT on the original 
>"radar" tab. Only until you close the "radar" tab do the scrollers and ticker 
>go away in all other tabs.
>
>Works the other way around too: create a bunch of tabs and load all sorts of 
>different sites on them. On the very last tab, open Andy's page. It promptly 
>takes over all tabs and splashes the scrollers and ticker all over the place.
>
>In this case, just a nuisance, but might conceivably be misused. Since this 
>information is placed on top of the highjacked tabs,  and will cause a new 
>page to load on that tab, a carefully crafted scroller or ticker could 
>misdirect a user trying to do banking on a tab to be redirected to a hostile 
>server elsewhere (i.e., carefully place the scroller on top of the "submit" 
>button, tell the user that the operation failed and get them to retype their 
>private info.)
>
>Could this be classified as "phishing" ?
>
>J. Courcoul
>
>Andy Cuff wrote:
>
>>Hi All,
>>As a great believer in being able to track emerging vulnerabilities with
>>minimal effort, I have created another "Alert State" image.
>>http://securitywizardry.com/radar.htm  However, I have tried to make it a
>>lot more granular dividing the image up into OS and Applications and
>>reducing the alert states to just 3. At present I'm tracking the
>>vulnerabilities myself, though I'm hoping some kind hearted vulnerability
>>alert service such as one of these http://securitywizardry.com/alert.htm
>>will offer to notify me when significant vulnerabilities occur that may
>>warrant a change in an enterprises CND posture. I hope you find it of use,
>>enjoy!
>>
>>Advice, criticism, bitchin' etc welcomed as always
>>
>>-andy cuff
>>Talisker's Computer Security Portal
>>Computer Network Defence Ltd
>>http://www.securitywizardry.com
>>
>
>
>______________________________________________________________________
>This email has been scanned by the MessageLabs Email Security System.
>For more information please visit http://www.messagelabs.com/email 
>______________________________________________________________________
>
>