Any one out there aware of this security issue with Safari
"Secunia Research has discovered a vulnerability in various browser's, which can be exploited by malicious web sites to spoof dialog boxes.
The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site."
I found the above by accident as i was looking up something else. If you go to Secunia site and try the test you may find that you are also vulnerable.
The only way i found to stop the spoof dialog box was to turn off enable plug-ins in preferences. However i don't have any plug-ins in my Safari plug-in folder.
I'am running safari 1.3(v312) however it would appear that it also effects version 2.2 of Safari too. Also i have installed the latest update but to no effect. Other browser effect are:- _ Internet Explorer for Mac - Internet Explorer - Opera - iCab - Mozilla / FireFox / Camino
My question is, is this vulnerability true, or just a setup
Any one out there aware of this security issue with Safari
"Secunia Research has discovered a vulnerability in various browser's, which can be exploited by malicious web sites to spoof dialog boxes.
The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site."
I found the above by accident as i was looking up something else.
If you go to Secunia site and try the test you may find that you are also vulnerable.
The only way i found to stop the spoof dialog box was to turn off enable plug-ins in preferences. However i don't have any plug-ins in my Safari plug-in folder.
I'am running safari 1.3(v312) however it would appear that it also effects version 2.2 of Safari too. Also i have installed the latest update but to no effect. Other browser effect are:-
_ Internet Explorer for Mac
- Internet Explorer
- Opera
- iCab
- Mozilla / FireFox / Camino
My question is, is this vulnerability true, or just a setup
Any comments welcome.