Multiple Browsers Frame Injection Vulnerability
Filed in: Mozilla, Security — July 3rd, 2004
A 6-year-old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.
The problem is that the browsers don’t check whether a target frame belongs to the website containing the malicious link, so nothing prevents one browser window from loading content in a named frame in another window.
Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.
[ Read more @ Secunia.com ]
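The missing check described above, as a simplified model added here (not code from the original post or from any browser). The sites, frame name and URLs are constructed, and `followLink` and `checkOwner` are hypothetical names.

```javascript
// Constructed model of named-frame targeting; not any browser's real code.
// Each open window belongs to a site and holds named frames.
function openWindows() {
  return [
    { site: "trusted.example",
      frames: [{ name: "main", url: "https://trusted.example/account" }] },
    { site: "untrusted.example", frames: [] },
  ];
}

// Look up a frame by name across every open window.
function findFrame(windows, name) {
  for (const win of windows) {
    const frame = win.frames.find((f) => f.name === name);
    if (frame) return { win, frame };
  }
  return null;
}

// Follow a link with href=url and target=name that sits on a page of linkSite.
// checkOwner=false models the affected browsers: any window's frame is a valid target.
// checkOwner=true adds the missing check: the frame must belong to the link's own site.
function followLink(windows, linkSite, name, url, checkOwner) {
  const hit = findFrame(windows, name);
  if (!hit) return "no-such-frame";
  if (checkOwner && hit.win.site !== linkSite) return "refused";
  hit.frame.url = url;
  return "loaded";
}

// Run the same cross-window link under both policies and report the trusted frame's URL.
function compare() {
  const link = ["untrusted.example", "main", "https://untrusted.example/fake"];
  const before = openWindows();
  const after = openWindows();
  return {
    unchecked: [followLink(before, ...link, false), before[0].frames[0].url],
    checked: [followLink(after, ...link, true), after[0].frames[0].url],
  };
}

console.log(compare());
```

With the ownership check in place, a link on the trusted site itself can still target its own frame; only the cross-site request is refused.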
Many popular browsers, such as Internet Explorer, Netscape, Mozilla (older versions) and Safari, are affected. You can test your browser for the frame injection vulnerability with the test provided by Secunia.com.
Solution:
“Do not browse untrusted sites while browsing trusted sites.”
Mozilla 1.7 and Firefox 0.9 and later are NOT affected.
Thought:
You know, I really worry about the future of Internet Explorer. Mozilla appears to be our future browser now.


