I just got word from Mozilla FireFox that exploits two vulnerability issues could pose security risks regarding that and other browsers. The affected software includes versions of Mozilla, Mozilla Firefox, Netscape, Opera, Konqueror, Camino, Avant Browser, and Maxthon. Internet Explorer is not affected
Mozilla Firefox, along with several other tabbed browsers, has been found vulnerable to two security vulnerabilities that could cause users to unintentionally divulge sensitive information to unintended recipients, or cause them to download or execute content for a site other than they intended.
Secunia describes the two discovered vulnerabilities as "Vulnerability A" and "Vulnerability B". In Vulnerability "A", Secunia reports that "It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript "Prompt" box or the "Download dialog" box, even if the user is browsing/viewing a completely different web site in another tab." According to Secunia researchers, this could lead unsuspected users to react as if the spawned dialog came from the site they were currently viewing, causing them to take action they may not otherwise have taken.
In Vulnerability "B", Secunia researchers report that, "It is possible for a inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab." This could potentially cause sensitive form data to be sent to a non-trusted site or to a site other than the intended site.
To avoid either vulnerability, Secunia recommends users either disable Javascript or avoid visiting untrusted and trusted websites at the same time.
Check out the Secunia web site at:
http://secunia.com/ for more information. If anyone has already dealt with this issue, please enlighten us!
Mr. Analyst
