Bugtraq mailing list archives
Re: Netscape Communicator window spoofing bug
From: offerrob () HOTMAIL COM (Robert Thomas)
Date: Sun, 21 Feb 1999 19:17:21 PST
My exploit is completely different from the secureexperts.com 'frame spoof bug'. If you examine the source, you will see they have nothing
in
common. AFAIK 'frame spoofing' needs a frame to spoof, I did not need a frame. Even Netscape has acknowledged 'Window spoofing bug' is a new bug.
I DID look at your code (and I didn't mean that your code was junk, mearly that I had deleted stuff BTW). If netscape ack'ed that this is a new bug then it is because you got someone new to review it or someone who didn't realize that they are the same problem. Now I wonder if they are looking into this. Anyone who looked at how Secureexperts did their attack could easily move it onto an attack against a regular page (as I did 2 months ago, and you did more recently I presume). Both exploit the same fundamental feature (..not a bug, it is a feature), of being able to direct java to open up a new site inside of another window or frame (Based on a timer or some such trigger). I very much believe it is the same problem. We have been unable to figure out a good blanket procedure to fix it though. You can do neat things with timers, should they be taken out of Java in the name of security? Perhaps we should suggest to the browser developers that they change the window's appearence of any window/frame that is not the same as the URL displayed in the Location box in some manner. While this would fix new browsers, we still have a LOT of people using old browsers out there (and would still be susceptable). I had a man call me up 2 weeks ago wondering why his Netscape 1.0 browser wouldn't do something (Didn't quite have me on the floor laughing). -Robert
for IE (that didn't work for all cases BTW). The solution to this wasRegards, Georgi Guninski
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Netscape Communicator window spoofing bug Georgi Guninski (Feb 16)
- <Possible follow-ups>
- Re: Netscape Communicator window spoofing bug Robert Thomas (Feb 18)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 20)
- Re: Netscape Communicator window spoofing bug Kirrily 'Skud' Robert (Feb 21)
- Re: Netscape Communicator window spoofing bug Robert Thomas (Feb 21)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 23)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 23)