Secunia reports "Frame Injection" vulnerability that affects Safari, other browsers

CNET staff

The Secunia security group is reporting on a vulnerability that allows outside parties to "inject" spoofed content into a browser frame. The flaw affects Safari and a host of other browsers.

According to the description: "The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

"Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site."
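A simplified model of the check that Secunia says the affected browsers lacked, added here as an illustration; it is not code from Secunia or from any browser. The window names, frame names and origins are constructed, and the "fixed" resolver assumes a policy of resolving a target name across windows only when both windows share an origin.

```javascript
// Constructed model of a browser's named-frame lookup (not real browser code).
// Each entry is a top-level window: its origin and the names of its frames.
const windows = [
  { id: "w1", origin: "https://bank.example", frames: ["nav", "content"] },
  { id: "w2", origin: "https://attacker.example", frames: ["ad"] },
];

// Vulnerable behaviour described in the report: a link's target="name"
// matches any frame with that name in any window, regardless of who owns it.
function resolveTargetVulnerable(windows, requesterId, name) {
  for (const w of windows) {
    if (w.frames.includes(name)) {
      return { windowId: w.id, frame: name };
    }
  }
  return null;
}

// Fixed behaviour (assumed policy): a name resolves inside the requester's
// own window, or in another window only if that window has the same origin
// as the requester. Otherwise the lookup fails and a browser would treat
// the target as a fresh window instead of injecting into someone else's frame.
function resolveTargetFixed(windows, requesterId, name) {
  const requester = windows.find((w) => w.id === requesterId);
  if (!requester) return null;
  for (const w of windows) {
    if (!w.frames.includes(name)) continue;
    const sameWindow = w.id === requester.id;
    const sameOrigin = w.origin === requester.origin;
    if (sameWindow || sameOrigin) {
      return { windowId: w.id, frame: name };
    }
  }
  return null;
}
```

The vulnerable resolver lets the attacker window "w2" address the "content" frame of the bank window; the fixed one refuses, while the bank window can still target its own frame.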

Secunia says the vulnerability has been confirmed in the following browsers:

  • Opera 7.51 for Windows
  • Opera 7.50 for Linux
  • Mozilla 1.6 for Windows
  • Mozilla 1.6 for Linux
  • Mozilla Firebird 0.7 for Linux
  • Mozilla Firefox 0.8 for Windows
  • Netscape 7.1 for Windows
  • Internet Explorer for Mac 5.2.3
  • Safari 1.2.2
  • Konqueror 3.1-15redhat

The group has also constructed a test, which can be used to check if your browser is affected by this issue.

According to a report on The Inquirer, browser vendors actually find it to be a beneficial "functionality" to allow one browser window to load arbitrary content in a frameset in a different window (from a completely different domain).

This problem was also discussed in late 2000 in an article published on SecuriTeam.com: "By design, a browser window can contain subwindows called frames, and the frames can reside in different domains; for instance, one frame could display a page from a web site, while another shows the contents of a file on the local computer. In such a case, the frames should not be able to exchange data, but the affected functions contain flaws that cause them not to enforce this restriction."

Feedback? Late-breakers@macfixit.com.
