According eWeek.com, a new vulnerability was found in all the major Web browsers ( IE, Firefox, Safari).
This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing confidential information.


Here is the place for you to test your broswer whether vulnerable or not.
http://secunia.com/multiple_browsers_dialo...erability_test/

source:
http://www.eweek.com/article2/0,1759,1830025,00.asp

Oh dear, this sounds pretty serious. All my browsers are vulnerable... O-o. Wonder whether there'd be any patch soon?

Hmmn... I'm wondering, if these security flaws were not made public, would potential hackers have found out about and sicovered the flaw? Do they go about engineering and looking at the source code to disocver new flaws?

I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?

To be honest, I doubt scammers will be adopting this method quite soon

Hmm, I don't know, for me the very fact that they can open a unnamed javascript window on top of a verified site is still rather disturbing. Yes, even a new computer user would notice the new window opening, but it's not the noticing the new window, it's more of if the hacker decides to exploit the vulnerability, makes his pop-up dialog box really authentic-looking, and thus gets information from not-so-experienced computer users, and then use that information. I mean, I think people like my dad or my brother, though they are not total-computer-idiots, might fall for a dialog box that seems to come from Google.com or Amazon.com asking for passwords or stuff like that.

I just saw this new in C|Net News.com.
[quota]
Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.
[/quota]

Is it just because thuse they don't deem them a high risk??
Do you believe this article??
I am quite surprise, microsoft won't issue an update for IE.

it makes IE is the worst browser right now.

source:
http://news.com.com/IE+pop-up+spoof+wont+g...ml?tag=nefd.top

Firefox's Javascrips Is Kinda Messed Upp Dont Ya Think ???? XX

and this is just one more reason why i have javascript disables in all my browsers. i didnt get the prompt so i assume i dont have that particul insecurity to worry about

As more such problems are discovered, programmers will learn to be more and more security savvy. Open source has the best chances though. The people who are open source tend to care about security, and having their programs work. So, it will probably get fixed in FF in the not too distant future. IE may have to wait till version 7, whenever the hell that comes out.

Oof. Thanks for the example you provided. Now I know what it looks like. Good thing banks don't use JS prompts, or hackers could steal credit card information. Hope Microsoft fixes it soon (maybe 2006 when IE7 and Longhorn comes out)