Re: New vuln affects ALL browsers
 

Does it perhaps depend on you having the Secunia site open in a different window/tab while you click the graphic on the bank site?

Re: New vuln affects ALL browsers
 

OK I did it again, and it came up with the pop-up. These computers at college have the flaw :erm:

Re: New vuln affects ALL browsers
 

IE6 on XPSP1 (patched until this months IE patch) with Google popup-blocker is vulnerable.

FF (with Tabbrowser Extensions and standard popup-blocker) is safe. Even tried opening Secunia site and Citibank in separate windows rather than tabs.

Will check the standard SP2 version of IE6 this evening.

Bottom line is - you need to visit a 'malicious' website and then a legit website (via link from malicious site?), that the malicious site knows about, using the same browser and legit website then has to open a pop-up window.

Re: New vuln affects ALL browsers
 

If you are using a Mozilla variant, you can make sure the page is really coming from where it says it is by doing this:

1) Type "about:config" into the location bar.
2) Look for "dom.disable_window_open_feature.location".
3) Set to "true".

Re: New vuln affects ALL browsers
 

would that count as a 'patch' or does it restrict the functionality of the browser?

Re: New vuln affects ALL browsers
 

It does this, it's a kinda workaround thing:

Re: New vuln affects ALL browsers
 

All clear,XP.. IE 6 SP2. tried it 5 or 6 times, no problems.:cool:

Re: New vuln affects ALL browsers
 

adshield protects me from this......

Re: New vuln affects ALL browsers
 

seems fine here :tu: :)

Re: New vuln affects ALL browsers
 

Using FF with the pop-up blocker turned on it didn't work, but I turned it off and worked :erm:

EDIT: Just tried it with IE6. Google toolbar didn't stop it, but when I turned the pop-up stopper in IE6, it stopped the secunia thing, but it let the correct pop-up appear.

Re: New vuln affects ALL browsers
 

How odd!! I did the second link with PoUpCop disabled and got the correct citibank site pop up.Then I refreshed the secunia site and got the other popup.

Anyway I keep my popup blocker going all the time so I'm not really worried.

Re: New vuln affects ALL browsers
 

Affects me (IE 6 SP2 version). Reading the 'blurb', as Chris T says above, it does depend on the Secunia site still being open in a separate window.

Re: New vuln affects ALL browsers
 

...and in response to Incog., the SP2 version of IE 6 includes a pop-up bloker, which didn't help in this instance.

Re: New vuln affects ALL browsers
 

Hmm..

With IE6 SP2 (built-in pop-up blocker) I am vuln. The Secunia info appears as a popup from citibank. But going back to the Secunia window, IE tells me it's blocked a pop-up from the Secunia site!!

Just as well I've hidden IE on home system - wife and kids can use the safe (from this) FF :)

Re: New vuln affects ALL browsers
 

Windows 2000 IE6 SP4 is vulnerable.