Michal Zalewski posted the following message on the FD Secuirty List this afternoon.
----------------------------------
Microsoft Internet Explorer seems to have a soft spot for browserentrapment vulnerabilities. Just to recap, in these attacks, the user ismade believe he had left a webpage (and the URL bar or SSL state datareinforce him in this belief) - but in reality, is prevented from doingso, and his browser continues to display assorted content originating fromthe attacker.
This is a close, but somewhat more sinister relative of vanilla URL barspoofing. I reported a few of each kind in the recent months.
Well, here's another one, this time based on document.open() calls. Inessence, repeatedly calling this function after a new URL is entered bythe user, before onBeforeUnload is invoked, inhibits page transition - buttarget URL bar state is retained. This is remarkably silly.
A live demo is available here:
http://lcamtuf.coredump.cx/ietrap3/
That is all.
No comments:
Post a Comment