June 2005
AusCERT - Frame Spoofing Vulnerability in Multiple Web Browsers [AA-2005.006]
ID: 00469
Ref: 434/2005
Date: 08 June 2005, 16:40:58
Version: 1
Title: AusCERT - Frame Spoofing Vulnerability in Multiple Web Browsers [AA-2005.006]
Abstract:
Vendors affected: multiple
Operating systems affected: multiple
Applications affected: multiple
Detail
======
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2005.006 AUSCERT Advisory
Frame Spoofing Vulnerability in Multiple Web Browsers
8 June 2005
Last Revised: --
---------------------------------------------------------------------------
AusCERT Alert Summary
---------------------
Product:          Microsoft Internet Explorer (Windows and Mac)
                  Mozilla
                  Firefox
                  Netscape
                  Opera
                  Konqueror
                  Camino
                  Safari
Operating System: Windows
                  Linux variants
                  UNIX variants
                  Mac OS
Impact:           Provide Misleading Information
                  Access Privileged Data
Access:           Remote/Unauthenticated
Ref:              AL-2004.041
OVERVIEW:
A frame spoofing vulnerability dating from 1999 has been found [1] to have
reemerged in several popular web browsers. The vulnerability allows one
website to alter the contents of any frames on another website that is
being concurrently viewed.
AFFECTED APPLICATIONS:
This vulnerability can be found in a wide range of modern browsers,
including Internet Explorer (both for Windows and for Mac), Firefox,
Mozilla, Netscape, Opera, Konqueror, Camino and Safari.
Secunia has set up a test page so you can check if your browser is
affected. It can be found at:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
IMPACT:
If a user is viewing a trusted website while also viewing a malicious
website, the malicious website can masquerade as the trusted website.
The most obvious use for such an attack would be to gather financial and
identity information in a 'phishing' attack.
MITIGATION:
Until patches are released, it is recommended that users do not browse
to other websites while viewing trusted or secure websites using the same
browser.
Before visiting a trusted web site, first shut down the web browser by
closing all browser windows.
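As an added example, not part of the AusCERT advisory or of Secunia's test page: a site that serves a frameset can detect the condition described above from its own side, because a frame that another window has navigated to a foreign origin no longer exposes a readable location to its parent. The origin https://bank.example, the frame names, the browser wiring and the one-second polling are constructed for this example.

```javascript
// Pure check, runnable outside a browser. Each entry is {name, getHref}, where
// getHref() returns the frame's URL or throws the way a cross-origin read does.
// A frame whose location is unreadable, unparseable or on another origin is spoofed.
function findSpoofedFrames(frameList, expectedOrigin) {
  const spoofed = [];
  for (const frame of frameList) {
    let href;
    try {
      href = frame.getHref();
    } catch (e) {
      spoofed.push({ name: frame.name, reason: "location unreadable (cross-origin)" });
      continue;
    }
    let origin;
    try {
      origin = new URL(href).origin;
    } catch (e) {
      spoofed.push({ name: frame.name, reason: "unparseable location: " + href });
      continue;
    }
    if (origin !== expectedOrigin) {
      spoofed.push({ name: frame.name, reason: "foreign origin " + origin });
    }
  }
  return spoofed;
}

// Browser wiring: the <frame>/<iframe> elements belong to our own document, so
// their name attribute is always readable; only contentWindow.location may throw.
function auditDocumentFrames(doc, expectedOrigin) {
  const list = Array.from(doc.querySelectorAll("frame, iframe"), (el) => ({
    name: el.name,
    getHref: () => el.contentWindow.location.href,
  }));
  return findSpoofedFrames(list, expectedOrigin);
}

// Constructed sample: "content" was re-targeted by another window, "footer" was
// sent to the plain-HTTP version of the site (a different origin), "menu" is intact.
const sampleFrames = [
  { name: "menu",    getHref: () => "https://bank.example/menu.html" },
  { name: "content", getHref: () => { throw new Error("SecurityError"); } },
  { name: "footer",  getHref: () => "http://bank.example/footer.html" },
];
// In a browser: poll once a second and reload the frameset if any frame was hijacked.
if (typeof window !== "undefined") setInterval(() => {
  if (auditDocumentFrames(document, window.location.origin).length > 0) window.location.reload();
}, 1000);
```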
REFERENCES:
[1] http://secunia.com/advisories/11978/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================