Microsoft Plugs IE; Warns All Browsers At Risk (Test Your Browser Here)

TechWeb ^ | July 2, 2004 | Gregg Keizer

[ThePythonicCow]

How do we know that "checking" our browser is safe?

Well, the thing that the last link in this post was checking was whether one web site could pretend to be another, and fake you out into giving up, say, your bank account login or credit card to a bad guy.

Since you don't particularly trust this checking website, you are in good shape - I am sure you would have refused to offer up any personal information to whatever pages came up.

Only if you had been deluded into thinking it was really some web site you trusted would you have been at risk of giving it personal information.

Though, as someone else noted in another post above, this entire article is a bit confused -- it is mixing two different problems.

• One, that the first part of the article focuses on, is only Microsoft Internet Explorer related - it could secretly download bad software from what looked to you to be a perfectly fine web page. Then that bad software, now running in your PC, would steal information, without your ever noticing (until you noticed your bank account short of funds)
• The second, which that last quick test link in the article was testing, was whether your browser would allow one web site to lie to you, telling you it was another web site, and con you into entering information that you would not normally give, except to a site you trusted. It is this link that you can safely try - since you aren't about to be fooled, at least this time.

[Byron_the_Aussie]

Appreciate it, Eagle.

We've had Bill Gates out here this week, meeting with our Prime Minister. And all week I've been battling IE problems- the Byte.Verify trojan, Bloodhound, and CoolWebSearch. And I must have thought, at least ten times, 'go home, Gates. Just go home, and fix up the holes in your product.'

[Redbob]

"Mozilla 1.7 under Windows does not seem to be vulnerable."<

Some things are worse even than being hacked...

[Swordmaker]

ALERT This vulnerability is in Microsoft Internet Explorer v.5.2.x for the Mac, too!

Sorry, First_Salute, but I just tested the exploit on Secunia's site with my Apple Macintosh G5. both with Safari and Internet Explorer 5.2.3, and the exploit did not work on either.

While Secunia DID successfully inject its content onto the page, the return to the page did not replicate that injection

[LTCJ]

Internet Explorer failed. Firefox passed.

I had been using Firebird (v0.7 ?) - it failed. Just "upgraded" to Firefox - OK now.

[mean lunch lady]

Thanks for the alert. I will have my computer expert, my son, check this out. I appreciate the heads up.

[First_Salute]

The exploit is working on Microsoft Internet Explorer 5.2.x for the Mac, as stated.

[Swordmaker]

Sorry, First_Salute, but I just tested the exploit on Secunia's site with my Apple Macintosh G5. both with Safari and Internet Explorer 5.2.3, and the exploit did not work on either.

Perhaps I was too quick and their explanation of the exploit is a bit vague. The Secunia insert DID get inserted into the window... but the window on the Mac version comes to the front and you see the change being made.

Using that criteria Safari, IE 5.2.3 AND Netscape 7.1 are all vulnerable.

Damn!

[Swordmaker]

see Reply 28. I spoke too soon.

[FairOpinion]

I have Norton, I even downloaded the fix from Microsoft, and when I did the test, it showed my browser is vulnerable.

Apparently Norton is spoofed too, it thinks that the new site is part of the trusted site.

So how to I protect myself, anybody has any specific suggestions?

[Hawkeye's Girl]

Well, the spoof doesn't work in Firefox 0.9.1, which I just downloaded after IE 6 got fooled.

[Swordmaker]

Freeper First_Salute has pinged me to this site which has an announcement that is important to all Macintosh users! Actually, it is important to all browser users regardless of platform!

MAC PING!!!! IMPORTANT!!!

IF you want to be added or dropped from the Mac Ping List, please Freepmail me.

Thanks, First _Salute!

[Squantos]

Well I downloaded the update last night from MS , restarted the puter and this "test" still seems to show I'm vulnerable based on their "test" ?

I'm running Norton Pro, Spybot & Blaster, Ad-Aware, AVG and Zone alarm pro all up to date with latest and greatest..... ???

Suggestions ? I know buy a Mac or go with mozilla.......:o)

[Dont Mention the War]

Perhaps I was too quick and their explanation of the exploit is a bit vague. The Secunia insert DID get inserted into the window... but the window on the Mac version comes to the front and you see the change being made.

I just had the same thing happen in Camino 0.8. Secunia specifically names Mac browsers as being affected.

Multiple Browsers Frame Injection Vulnerability

Secunia Advisory: SA11978

TITLE:
Multiple Browsers Frame Injection Vulnerability

SECUNIA ADVISORY ID:
SA11978

RELEASE DATE:
2004-07-01

LAST UPDATE:
2004-07-02

VERIFY ADVISORY:
http://secunia.com/advisories/11978/

CRITICAL:
Moderately critical

WHERE:
From remote

IMPACT:
Spoofing

SOFTWARE:
Internet Explorer 5.x for Mac
Konqueror 3.x
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x
Netscape 6.x
Netscape 7.x
Opera 5.x
Opera 6.x
Opera 7.x
Safari 1.x

DESCRIPTION:
A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat

Other versions may also be affected.

The vulnerability also affects Internet Explorer:
SA11966


SOLUTION:
Do not browse untrusted sites while browsing trusted sites.

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7


REPORTED BY CREDITS:
Reported in Mozilla browser by:
Gary McKay


CHANGELOG:
2004-07-02: Updated solution.


OTHER REFERENCES:
SA11966:
http://secunia.com/advisories/11966/

Secunia Advisory: SA11978

[Bush2000]

On Friday, however, the security vendor modified the alert to claim that virtually every browser, from Internet Explorer and Mozilla to Opera and Netscape -- including browsers for both Windows and the Mac OS -- has this flaw.

See, cretins? Don't say you weren't warned.

[Swordmaker]

Bush, it IS possible to comment on this without insulting anyone.

Why not give it a try...

Before you get your self another time-out from FR.

[general_re]

Well I downloaded the update last night from MS , restarted the puter and this "test" still seems to show I'm vulnerable based on their "test" ?

Well, it's two different things in question here. This test apparently exploits a new problem, different from the one that the latest MS patch fixes. You can either switch to a non-vulnerable browser, such as Firefox, or you can tweak your settings in IE to not allow such things. Go to Tools -> Internet Options -> Security, highlight the Internet zone, and select "Custom Level". Scroll down until you find the setting that says "Navigate sub-frames across different domains" and select "disable" - hit "Okay", and back out. Re-run the test, and it'll no longer work.

If you tend to visit websites that (legitimately) rely on multiple domains for different frames, this may have the side-effect of not allowing such websites to load properly. That's not especially common, so I don't think it's likely that you'll have any real problems with changing the setting, but try it out and see if it breaks any sites you usually use.

[Swordmaker]

Here is the answer until the publishers of our browsers fix the problem (which will probably make the internet experience a little less convenient).

SOLUTION:

Do not browse untrusted sites while browsing trusted sites.

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7

Simply use only ONE window when you need to use a secure site.

[Squantos]

THANKS !!...........Stay Safe !

[Eagle9]

We've had Bill Gates out here this week, meeting with our Prime Minister. And all week I've been battling IE problems- the Byte.Verify trojan, Bloodhound, and CoolWebSearch. And I must have thought, at least ten times, 'go home, Gates. Just go home, and fix up the holes in your product.'

A FReeper named Long Cut posted a thread on 6/05/2004 with exact instructions and links to software he used to get rid of CoolWebSearch. Numerous FReepers gave him helpful advice and links. I think if you read his thread, you'll be able to get rid of CoolWebSearch and probably the others you mentioned. Here's a link to the thread.

HIJACK!(No, Not THAT Kind!)