Results 1 to 6 of 6
  1. #1
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Tabbed Browsing Flaws Detected (Mozilla Firefox and more)

    Tabbed Browsing Flaws Detected


    Tabbed browsing, one of the more popular features built into alternative Web browsers, contains a security flaw that puts users at risk of spoofing attacks, research firm Secunia warned on Wednesday.

    Secunia released an advisory detailing the flaws, which affect users of Mozilla, Mozilla Firefox, Netscape, Opera, Camino, Konqueror, Avant Browser and Maxthon (MyIE2).

    The flaws target the tabbed browsing feature, which lets surfers view multiple Web sites in a single browser session.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  2. #2
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tabbed Browsing Flaws Detected (Mozilla Firef

    Thanks for this, Dave. Just when I was beginning to feel safe. <img src=/S/anigrin.gif border=0 alt=anigrin width=19 height=19>

  3. #3
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Tabbed Browsing Flaws Detected (Mozilla Firef

    Just proves that NOTHING is 100% safe.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Tabbed Browsing Flaws Detected (Mozilla Firef

    This is interesting because there isn't an obvious "best way" to fix the software for what they call "Vulnerability A". If you let a pop-up box change the active tab so that the user can see the page that generated it, that could be annoying. If you keep the pop-up hidden until the user changes to that tab, the user might-miss out on something she or he was waiting for. Maybe Firefox could display a star on the tab meaning "something up over here" as a way to bridge these two options?

    Regarding "Vulnerability B," yes, it would be wrong to let an inactive tab suddenly siphon off input from the active tab. That should be fixed ASAP.

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Tabbed Browsing Flaws Detected (Mozilla Firef

    In reading the "security" section of the fixes list for the RC-1 release of Firefox (see <post#=421252>post 421252</post#>), it appears that this has been solved. Clicking through to the bug discussion, amazingly, this has been a known problem for Mozilla since February 2002; two and a half years! I guess the bright light of media attention really does give greater priority to code problems after all. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

  6. #6
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tabbed Browsing Flaws Detected (Mozilla Firef

    >amazingly, this has been a known problem for Mozilla since February 2002

    FWIW, from memory, tabbed browsing started out as an extension that then got brought into the basic code module. At a (reasonable) guess, the issue wasn't the Firefox code itself, but the underlying Mozilla code - making it an issue for the (more senior) Mozilla team and compatibility with other Mozilla modules. The history of bug prioritising is an area in itself. At one stage, the issue was passed over to end users by having a voting system to determine which ones got fixed next.
    Gre

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •