July 2, 2004 8:00 AM PDT

Secunia reports "Frame Injection" vulnerability that affects Safari, other browsers

by CNET staff

The Secunia security group is reporting on a vulnerability that allows outside parties to "inject" spoofed content into a browser frame. The flaw affects Safari and a host of other browsers.

According to the description: "The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

"Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

Secunia says the vulnerability has been confirmed in the following browsers:

Opera 7.51 for Windows
Opera 7.50 for Linux
Mozilla 1.6 for Windows
Mozilla 1.6 for Linux
Mozilla Firebird 0.7 for Linux
Mozilla Firefox 0.8 for Windows
Netscape 7.1 for Windows
Internet Explorer for Mac 5.2.3
Safari 1.2.2
Konqueror 3.1-15redhat

The group has also constructed a test, which can be used to check if your browser is affected by this issue.

According to a report on the The Inquirer, browser vendors actually find it to be a beneficial "functionality" to allow one browser window to load arbitrary content in a frameset in a different window (from a completely different domain).

This problem was also discussed in late 2000 in an article published on SecuriTeam.com: "By design, a browser window can contain subwindows called frames, and the frames can reside in different domains ? for instance, one frame could display a page from a web site, while another shows the contents of a file on the local computer. In such a case, the frames should not be able to exchange data, but the affected functions contain flaws that cause them not to enforce this restriction."

Feedback? Late-breakers@macfixit.com.

Resources

Late-breakers@macfixit.com

More from Late-Breakers

Topics:: News,; Troubleshooting

Tags:: Late-Breakers

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

Recent posts from MacFixIt: Address Book: Search not working properly; iTunes 9.0.3 breaks AirTunes connection for some; Apple releases Aperture 3.0; Manage iCal's automatic e-mail generation for invitations; CNET TV Apple Byte: Apple faces critics; Weekly Utilities Update: Net Monitor, MiniUsage, TimeMachineEditor, more...; Odds and Ends: Essential video codec packs for OS X; Address Book: Unable to add, view contacts

Add a Comment (Log in or register) (12 Comments)

prev
next


by DLWormwood July 2, 2004 8:36 AM PDT: Just for clarification, this "issue" also applys to Internet Explorer for
Windows 5.0/5.5/6.0. That security warning was posted separately, since it
was found first by Secunia.

The "flaw" is actually a design limitation of HTML frames in general, not some
deliberate bug. See my /. article for the full story...; Like this Reply to this comment


by datkinso July 2, 2004 9:36 AM PDT: Neat trick.
Firefox 0.9.1, the only way to go.
Until 0.9.2 comes out.....; Like this Reply to this comment


by salvomic July 2, 2004 9:36 AM PDT: >
This is a reply to a previous comment by datkinso

Also Omniweb 5 beta 8 is not affected. It open two windows instead to put
the frame inside the window.; Like this Reply to this comment


by MacJuanC July 2, 2004 11:31 AM PDT: Although Secunia's list does not explicitly mention Netscape 7.1 on MacOS X as vulnerable, it is.

Seems we'll finally have to ditch this venerable browser, since I doubt that Time-Warner will be interested in letting whatever remains of Netscape Corp. to issue a newer version.; Like this Reply to this comment


by salvomic July 2, 2004 12:33 PM PDT: No problem with Omniweb 5 beta 8: the test from Secunia fail, and the
browser load the second page in a new window, not into the frame.; Like this Reply to this comment


by Booty--2008 July 2, 2004 12:43 PM PDT: The test fails also with Firefox; Like this Reply to this comment


by CyberPet2 July 2, 2004 12:57 PM PDT: No problem with Camino either on that test page. I *knew* I did a good choice to go with Camino a long time ago. :-); Like this Reply to this comment


by July 2, 2004 12:57 PM PDT: >
This is a reply to a previous comment by CyberPet2

Interesting - Camino 0.7 failed, but Camino 0.8 passed. Firefox 0.9 failed
(haven't done the update to 0.91, though this apparently fails also).
Omniweb 4.5 was ok though.; Like this Reply to this comment


by Demolition July 2, 2004 12:57 PM PDT: >>
This is a reply to a previous comment by Paddy

Interesting - Camino 0.7 failed, but Camino 0.8
passed.

That's because Camino 0.7 is based on the Mozilla 1.0
rendering engine. All Mozilla 1.0-based browsers fail.

Meanwhile, Camino 0.8 is based on the Mozilla 1.7
rendering engine. Most, if not all, Mozilla 1.7-based
browsers will pass the test.

D.; Like this Reply to this comment


by Radar323 July 3, 2004 1:52 AM PDT: Test fails in iCab 2.9.8. The Secunia data opened up a new window, instead of
popping up in one of the frames.; Like this Reply to this comment


by ironlung-bloodfist July 3, 2004 1:25 PM PDT: I checked both my browsers, Safari 1.2.2 and IE 5.2.3 on my 1.25gig g-4 e-
mac, both failed.; Like this Reply to this comment


by Bob Moody July 4, 2004 6:26 AM PDT: Using Safari 1.2.2 (v125.8) on 10.3.4. I have a 4-button Kensington trackball
and have a chord set for command-click, which I use for all links to force the
link to open in a new tab. Doing this causes the test to fail. Using tabbed
browsing in Safari may be the best defense so far. Just Command click all
links to cause them to open in a new tab, or set your preferences for all links
to open in a new tab. That should do it.

I notice that Mozilla for Mac is not listed. Is it vulnerable?; Like this Reply to this comment

(12 Comments)

prev
next

Navigate MacFixIt

Help
- Hardware
  - iMac,
  - Mac mini,
  - Mac Pro,
  - Macbook,
  - Xserve,
  - AirPort
- Mac OS
  - Snow Leopard,
  - Leopard,
  - Tiger,
  - Panther,
  - Jaguar,
  - Puma,
  - Cheetah,
  - OS 9
- Software
  - iTunes,
  - iPhoto,
  - iMovie,
  - iWork,
  - Backup,
  - Security,
  - Printer
Archives
- Reviews
- News
- Tutorials
- Troubleshooting
- Musings
Utilities
Forums

Questions? Problems? Comments? Contact Us!

About MacFixIt

MacFixIt is CNET's troubleshooting resource for all things Mac. The information here helps you navigate the ins-and-outs of Mac ownership with how-tos, troubleshooting information, news, reviews, and more.

Add this feed to your online news reader

MacFixIt topics

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; CES 2010; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; CNET Widgets; Customer Help Center; RSS; CNET API; About CNET

sponsored

TOP PRODUCTS FROM TOP BRANDS

© 2010 CBS Interactive. All rights reserved.
Privacy Policy (UPDATED)
Terms of Use
Mobile User Agreement
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet

My Lists
My software updates
log in | join CNET