Version: 2008
  • On GameSpot: Courtney Love to sue over Guitar Hero 5

Comments on: Pop-up vulnerability found in major browsers

Flaw could trick Web surfers into giving away personal information by popping up a malicious dialog box in front of a trusted Web site.

Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
You can never fix this problem at the browser level
by OneWithTech June 22, 2005 10:15 AM PDT
Microsoft can investigate this problem all they want, and so can
the rest of the browser builders in the world. I'm a web
developer that can tell you that Javascript is very powerfull.

Javascript used in the fashion of phising can exploit any website
because of the use of frames in Javascript. The ability to make a
popup in from of a know good website is a Javascript frame
issue, not a browser issue.

So here's the last of your 30k worth of advice.

Browsers are equivalent to the human brain reading a book, the
browser mearly reads code created by poeple like me. The code
in this case is Javascript that is created by a web developer, and
then used to manipulate people into giving them information. As
long as I can create frames in Javascript, I can continue to
exploit this flaw.
Reply to this comment
Solution
by abibaby June 23, 2005 4:24 PM PDT
As you mentioned Javascript is very powerful, the engine that runs Javscript is much powerful. The browser to which this engine belongs can be powerful. There is always a solution to every problem. I think security wise script engines can have the ability to stop script from a website interacting with scripts/DOM objects from other websites.
The real winner here is Secunia...
by M C June 22, 2005 12:28 PM PDT
...who gets their name in yet another CNet story.

"Let's see...if we call an unimportant, almost-impossible-to-exploit bug 'unimportant,' no one will write about it. So let's work in the word 'critical'...'less critical.' Oooo...I like it!"
Reply to this comment
OR NOT!
by Jonathan June 22, 2005 1:43 PM PDT
Nope. With the right extension popups CAN'T happen. Period.

Details:
http://weblogs.mozillazine.org/asa/archives/007860.html

http://ftp.mozilla.org/pub/mozilla....ntal/popupsdie/

It can be annoying in that you will have to add the sites you trust to the extension but its as simple as clicking the popup blocker icon in the corner of the window and checkmark trust site. After about a week you will prob have most of your sites listed. Seriously this is the rough equivalent of a tactical nuke when it comes to popups.
Reply to this comment
Pop-Up Blocker Anyone?
by 201293546946733175101343322673 June 23, 2005 11:32 AM PDT
Come to think of it, I haven't seen one single pop-up in the last 6 months :)
Reply to this comment
Fire Molly Wood
by montgomeryburns June 23, 2005 11:33 AM PDT
Fire Molly Wood.
Reply to this comment
(6 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET