New vuln affects ALL browsers
 

Check this out:
http://secunia.com/multiple_browsers...rability_test/ :eek:

Re: New vuln affects ALL browsers
 

me not vunerable :D

Re: New vuln affects ALL browsers
 

Me neither :)

Re: New vuln affects ALL browsers
 

Flippin' 'eck!

Re: New vuln affects ALL browsers
 

no problem here.. (FF with more or less default security and pop-up settings)

Re: New vuln affects ALL browsers
 

why not?

Re: New vuln affects ALL browsers
 

Hmm, I am vulnerable in FF. Any ideas what I can do to patch / fix this?

Thanks.

Raist.

Re: New vuln affects ALL browsers
 

Hmm, my FF was not vunerable, IE (obviously) was.

Re: New vuln affects ALL browsers
 

My FF was vunerable, default installation nothing changed

Re: New vuln affects ALL browsers
 

just double checked it.. and it now fails the test .. weird

Re: New vuln affects ALL browsers
 

It happens every time I try the test in my FireFox, but only every 1 in 5 times trying it in IE, bit odd.

Nasty bug tho, and looking at how it's done, very easy, oops

Re: New vuln affects ALL browsers
 

Waddaya mean: 'obviously'?!
I'm on IE and I'm not vulnerable :p:

Re: New vuln affects ALL browsers
 

Well IE on this college PC is fine, will try mine at home when I get home :)

Re: New vuln affects ALL browsers
 

Just tested Internet Explorer and Mozilla and both are fine.

Re: New vuln affects ALL browsers
 

Nothing here... apart from an attempt to launch 127 pop up windows :erm:

Re: New vuln affects ALL browsers
 

Does it perhaps depend on you having the Secunia site open in a different window/tab while you click the graphic on the bank site?

Re: New vuln affects ALL browsers
 

OK I did it again, and it came up with the pop-up. These computers at college have the flaw :erm:

Re: New vuln affects ALL browsers
 

IE6 on XPSP1 (patched until this months IE patch) with Google popup-blocker is vulnerable.

FF (with Tabbrowser Extensions and standard popup-blocker) is safe. Even tried opening Secunia site and Citibank in separate windows rather than tabs.

Will check the standard SP2 version of IE6 this evening.

Bottom line is - you need to visit a 'malicious' website and then a legit website (via link from malicious site?), that the malicious site knows about, using the same browser and legit website then has to open a pop-up window.

Re: New vuln affects ALL browsers
 

If you are using a Mozilla variant, you can make sure the page is really coming from where it says it is by doing this:

1) Type "about:config" into the location bar.
2) Look for "dom.disable_window_open_feature.location".
3) Set to "true".

Re: New vuln affects ALL browsers
 

would that count as a 'patch' or does it restrict the functionality of the browser?

Re: New vuln affects ALL browsers
 

It does this, it's a kinda workaround thing:

Re: New vuln affects ALL browsers
 

All clear,XP.. IE 6 SP2. tried it 5 or 6 times, no problems.:cool:

Re: New vuln affects ALL browsers
 

adshield protects me from this......

Re: New vuln affects ALL browsers
 

seems fine here :tu: :)

Re: New vuln affects ALL browsers
 

Using FF with the pop-up blocker turned on it didn't work, but I turned it off and worked :erm:

EDIT: Just tried it with IE6. Google toolbar didn't stop it, but when I turned the pop-up stopper in IE6, it stopped the secunia thing, but it let the correct pop-up appear.

Re: New vuln affects ALL browsers
 

How odd!! I did the second link with PoUpCop disabled and got the correct citibank site pop up.Then I refreshed the secunia site and got the other popup.

Anyway I keep my popup blocker going all the time so I'm not really worried.

Re: New vuln affects ALL browsers
 

Affects me (IE 6 SP2 version). Reading the 'blurb', as Chris T says above, it does depend on the Secunia site still being open in a separate window.

Re: New vuln affects ALL browsers
 

...and in response to Incog., the SP2 version of IE 6 includes a pop-up bloker, which didn't help in this instance.

Re: New vuln affects ALL browsers
 

Hmm..

With IE6 SP2 (built-in pop-up blocker) I am vuln. The Secunia info appears as a popup from citibank. But going back to the Secunia window, IE tells me it's blocked a pop-up from the Secunia site!!

Just as well I've hidden IE on home system - wife and kids can use the safe (from this) FF :)

Re: New vuln affects ALL browsers
 

Windows 2000 IE6 SP4 is vulnerable.

Re: New vuln affects ALL browsers
 

Yes well I reckon PopUpCop against M$ anytime.As long as it is on it works very well and when I used the link WITH it it allowed no popup at all.

Re: New vuln affects ALL browsers
 

Just tried it with IE pop up blocker turned off and I am still not vulnerable. It could be Prevx, Pest Patrol, or ZAPro, not sure which but I get the genuine citibank link every time.