Message-Id: <199706261557.LAA08136@allen.cert.org>
From: "CERT(R) Coordination Center" <cert@cert.org>
Date: Thu, 26 Jun 97 11:38:30 EDT
To: Vinod Anupam <anupam@bell-labs.com>
Subject: Re: Browser Vulnerability (VU#16403)
In-Reply-To: <33B05B88.65FE@bell-labs.com> from Vinod Anupam on Tue,
Vinod Anupam <anupam@bell-labs.com> writes:
>
>We have discovered a serious vulnerability in popular versions of both
>Netscape Navigator/Communicator (2.*, 3.*, 4.*) as well as Microsoft
>Internet Explorer (3.*).

Have you tested this against the beta IE 4?

>This vulnerability allows a perpetrator to use
>an innocuous Web document to load a Trojan horse virus from a browser
>window W into a new browser window X. For all Web documents subsequently loaded
>into window W, this Trojan horse can...

Thanks for copying us on your report. We have added this to our
knowledgebase as VU#16403. One question -- for scoping purposes we are trying
to understand if this is a design flaw or an implementation error.

I thought that Netscape's JavaScript, at least in recent versions,
prohibited scripts from accessing elements of windows that were displaying
information from a different URL than the script's own. Is the problem
you found with the way that restriction was implemented or does that
restriction not address the problem you found at all?

Microsoft's browsers don't have such a restriction, do they? (I haven't
tested this yet - I am not a JavaScript expert.) So what you
describe, though undesirable and unexpected, is not intended to be
restricted by the current design?

If so, it sounds as though this is an implementation error in Netscape and
a design flaw in MS IE. Or is the problem something else that we haven't correctly
understood?

Thanks!

-- Jim Ellis