New multibrowser exploit; VMS Mozilla or Mosaic may also be affected - VMS

This is a discussion on New multibrowser exploit; VMS Mozilla or Mosaic may also be affected - VMS ; Its currently called "Clickjacking" and basically means if you end up on a compromised or malicious page, "you" can be forced to "click" on any link on that page without your intervention, and even without you seeing it happen. http://blogs.zdnet.com/security/?p=1972 ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: New multibrowser exploit; VMS Mozilla or Mosaic may also be affected

  1. New multibrowser exploit; VMS Mozilla or Mosaic may also be affected

    Its currently called "Clickjacking" and basically means if you end up
    on a compromised or malicious page, "you" can be forced to "click" on
    any link on that page without your intervention, and even without you
    seeing it happen.

    http://blogs.zdnet.com/security/?p=1972

    Also a note from someone who works on NoScript for Firefox

    http://blogs.zdnet.com/security/?p=1973


    Details are not disclosed, but its being described as very bad. All
    current major browsers are impacted (excluding Lynx!). Javascript is
    not involved.

    Until more details are released, or until a 'test site' is made
    available, there's no way to know for sure if Mozilla or Mosaic on VMS
    is affected. If it is... well I wonder how that long rumored Firefox
    port is coming along...

  2. Re: New multibrowser exploit; VMS Mozilla or Mosaic may also be affected

    In article <40222745-a287-4ba9-9a9f-1467d3244893@r66g2000hsg.googlegroups.com>, Rich Jordan writes:
    > Its currently called "Clickjacking" and basically means if you end up
    > on a compromised or malicious page, "you" can be forced to "click" on
    > any link on that page without your intervention, and even without you
    > seeing it happen.
    >
    > http://blogs.zdnet.com/security/?p=1972
    >
    > Also a note from someone who works on NoScript for Firefox
    >
    > http://blogs.zdnet.com/security/?p=1973
    >
    >
    > Details are not disclosed, but its being described as very bad. All
    > current major browsers are impacted (excluding Lynx!). Javascript is
    > not involved.
    >
    > Until more details are released, or until a 'test site' is made
    > available, there's no way to know for sure if Mozilla or Mosaic on VMS
    > is affected. If it is... well I wonder how that long rumored Firefox
    > port is coming along...


    VMS Mosaic doesn't support DHTML which appears to be a requirement for
    the exploits. Mosaic also doesn't support scripting or plugins. If
    Lynx is okay, then Mosaic should be okay unless there is some exploit
    involving refresh URLs (the only case where Mosaic "clicks" on its own).


    George Cook
    WVNET

  3. Re: New multibrowser exploit; VMS Mozilla or Mosaic may also beaffected

    On Sep 25, 6:31*pm, c...@wvnvms.wvnet.edu (George Cook) wrote:
    > In article <40222745-a287-4ba9-9a9f-1467d3244...@r66g2000hsg.googlegroups..com>, Rich Jordan writes:
    >
    >
    >
    > > Its currently called "Clickjacking" and basically means if you end up
    > > on a compromised or malicious page, "you" can be forced to "click" on
    > > any link on that page without your intervention, and even without you
    > > seeing it happen.

    >
    > >http://blogs.zdnet.com/security/?p=1972

    >
    > > Also a note from someone who works on NoScript for Firefox

    >
    > >http://blogs.zdnet.com/security/?p=1973

    >
    > > Details are not disclosed, but its being described as very bad. *All
    > > current major browsers are impacted (excluding Lynx!). *Javascript is
    > > not involved.

    >
    > > Until more details are released, or until a 'test site' is made
    > > available, there's no way to know for sure if Mozilla or Mosaic on VMS
    > > is affected. *If it is... well I wonder how that long rumored Firefox
    > > port is coming along...

    >
    > VMS Mosaic doesn't support DHTML which appears to be a requirement for
    > the exploits. *Mosaic also doesn't support scripting or plugins. *If
    > Lynx is okay, then Mosaic should be okay unless there is some exploit
    > involving refresh URLs (the only case where Mosaic "clicks" on its own).
    >
    > George Cook
    > WVNET


    Thanks for the info, George. Its good to know.

+ Reply to Thread