SillyDog701

[J-M]

Secunia reported today about Mozilla / Mozilla Firefox Frame Injection Vulnerability (affecting to Camino too) at

http://secunia.com/advisories/15601/ .

They have a separate test page to confirm this issue located at
http://secunia.com/multiple_browsers_fr ... lity_test/

This has been discussed as SD701 earlier (this is a new version of http://secunia.com/advisories/11978/ from July, 2004.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

[Antony]

J-M,

Thanks for reporting. Safari is safe I hope.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412

[ryantologyistheway]

Of course Safari would be safe from that, I'm sure there's a way to spoof Safari though as there's no way you can program something as complicated as a web browser without there being flaws.

But since Safari's usage share is well below a quarter percent, I'm sure nobody has bothered to figure that one out yet.

UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

[Betuaelmon]

I've tested Firefox and it's true if (you use different windows of Firefox)

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1

[DJGM]

. . . Safari's usage share is well below a ¼ percent, I'm
sure nobody has bothered to figure that one out yet.

On 27th April, OneStat.com reported that Safari browser market was actually 1.26%

(Still a low percentage maybe, but somewhat higher than your erroneous estimation!)

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

[J-M]

According to the Secunia's previous report, SA11978 released on 1st July, 2004:

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7
* Opera 7.52
* Netscape 7.2
* Camino 0.8 (build 2004062308)

Source:
http://secunia.com/advisories/11978/

So, that was the situation in September, 2004.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

[J-M]

Now when we have one new 'Unpatched' issue in Firefox 1.0.4 and Suite 1.7.8, we have a working workaround too.

"Do not browse untrusted web sites while browsing trusted sites."

says Secunia.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

[ryantologyistheway]

. . . Safari's usage share is well below a ¼ percent, I'm
sure nobody has bothered to figure that one out yet.

On 27th April, OneStat.com reported that Safari browser market was actually 1.26%

(Still a low percentage maybe, but somewhat higher than your erroneous estimation!)

I figured Apple might have around 1% of the personal computer market left and out of that maybe a fourth of them would actually use Safari when Camino would be a much better choice.

UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

[Antony]

This has been discussed as SD701 earlier (this is a new version of http://secunia.com/advisories/11978/ from July, 2004.

Just to add reference:
[sdt=6264]"Frame Injection" vuln affects all browsers[/sdt] (July 2004)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412

[akbash]

The reappearance of this bug is a regression caused by a fix for another bug. And bad QA, one might be inclined to think One would also expect its reappearance to be entirely confined to Mozilla products, including the Firefox haunches of the Netscape 8 chimera. I don't think it's a very serious bug myself, but Mozilla are on it. There's a bug filed, and it's been determined to be necessary for Firefox 1.0.5.

About workarounds, there is also another. I'm not entirely certain this works in all cases, but Secunia's testcase fails if you have Firefox set to open new windows in tabs. The vulnerability itself is pretty contrived. A malignant site wanting to take advantage of this bug has to know that you have an important site open in another window, and it has to know details of that site. Practically speaking I don't see how this could ever be a problem unless you accept an invitation from some random site to open a new window to a secure site where you keep important information. So don't do that.

I don't mean to downplay the bug completely. It could and probably will catch someone unawares. But to fall for this, your personal paranoia dimmer switch has to be set on "night light."

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050530 Firefox/1.0+

[J-M]

Just to add reference:
[sdt=6264]"Frame Injection" vuln affects all browsers[/sdt] (July 2004)

Thanks!

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

[J-M]

Firefox bitten by spoofing flaw, says ZDNet UK News (again).

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

[Fulvio]

akbash, you made some good points, and I like your conclusion:

But to fall for this, your personal paranoia dimmer switch has to be set on "night light."

. And the bulb is out.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511

[Betuaelmon]

If you use NS 8 with IE 6 engine whitout SP has got the same vulnerability as
Firefox 1.0.4, but with IE 6 SP 2 all is ok. True or false?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1

[Don_HH2K]

If you use NS 8 with IE 6 engine whitout SP has got the same vulnerability as
Firefox 1.0.4, but with IE 6 SP 2 all is ok. True or false?

False. This depends on a lot of things.

First of all, if you use the Firefox rendering engine in Netscape 8, you are subject to this vulnerability. If you use IE6, you aren't, because IE isn't affected by this vulnerability. BUT, then you expose yourself to the world of IE vulnerabilities again, so leaving yourself open to this frame injection bug is the lesser of all evils.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Donzilla/0.7PR2 (WML/1.3; WML/1.2; WML/1.1; WML/1.0)