New vuln affects ALL browsers - Page 2

**Chris** · 09-12-2004, 14:01

Does it perhaps depend on you having the Secunia site open in a different window/tab while you click the graphic on the bank site?

09-12-2004, 14:08

OK I did it again, and it came up with the pop-up. These computers at college have the flaw

Aragorn · 09-12-2004, 14:28

IE6 on XPSP1 (patched until this months IE patch) with Google popup-blocker is vulnerable.

FF (with Tabbrowser Extensions and standard popup-blocker) is safe. Even tried opening Secunia site and Citibank in separate windows rather than tabs.

Will check the standard SP2 version of IE6 this evening.

Bottom line is - you need to visit a 'malicious' website and then a legit website (via link from malicious site?), that the malicious site knows about, using the same browser and legit website then has to open a pop-up window.

Richard M · 09-12-2004, 14:47

If you are using a Mozilla variant, you can make sure the page is really coming from where it says it is by doing this:

1) Type "about:config" into the location bar.
2) Look for "dom.disable_window_open_feature.location".
3) Set to "true".

**Chris** · 09-12-2004, 14:49

Quote:

Originally Posted by Richard M

If you are using a Mozilla variant, you can make sure the page is really coming from where it says it is by doing this:

1) Type "about:config" into the location bar.
2) Look for "dom.disable_window_open_feature.location".
3) Set to "true".

would that count as a 'patch' or does it restrict the functionality of the browser?

Richard M · 09-12-2004, 14:52

It does this, it's a kinda workaround thing:

iadom · 09-12-2004, 16:36

All clear,XP.. IE 6 SP2. tried it 5 or 6 times, no problems.

Ramrod · 09-12-2004, 17:00

adshield protects me from this......

paulyoung666 · 09-12-2004, 17:20

seems fine here

Mal · 09-12-2004, 18:43

Using FF with the pop-up blocker turned on it didn't work, but I turned it off and worked

EDIT: Just tried it with IE6. Google toolbar didn't stop it, but when I turned the pop-up stopper in IE6, it stopped the secunia thing, but it let the correct pop-up appear.

**Maggy** · 09-12-2004, 19:54

How odd!! I did the second link with PoUpCop disabled and got the correct citibank site pop up.Then I refreshed the secunia site and got the other popup.

Anyway I keep my popup blocker going all the time so I'm not really worried.

09-12-2004, 21:20

Affects me (IE 6 SP2 version). Reading the 'blurb', as Chris T says above, it does depend on the Secunia site still being open in a separate window.

09-12-2004, 21:22

...and in response to Incog., the SP2 version of IE 6 includes a pop-up bloker, which didn't help in this instance.

Aragorn · 09-12-2004, 21:42

Hmm..

With IE6 SP2 (built-in pop-up blocker) I am vuln. The Secunia info appears as a popup from citibank. But going back to the Secunia window, IE tells me it's blocked a pop-up from the Secunia site!!

Just as well I've hidden IE on home system - wife and kids can use the safe (from this) FF

09-12-2004, 22:09

Windows 2000 IE6 SP4 is vulnerable.