| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 59110 | 2005-06-21 22:35:00 | Would a firewall help? Disabling Java? | Strommer (42) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 365976 | 2005-06-21 22:35:00 | Fresh vulnerabilities in all popular browsers Fresh vulnerabilities have been found in several web browsers, including Safari, Internet Explorer 5.x, Camino 0.x and iCab 2.x for OS X; IE 6.x for Windows; and Opera 7.x and 8.x, Mozilla 1.7x and all version of Firefox on both platforms. The vulnerabilities relate to a dialog origin spoofing flaw, whereby JavaScript dialog boxes do not display or include their origin, which allows a new window to open a dialog box, which appears to be from a trusted site. Fixes have yet to be released. See here (secunia.com) for more. Would a firewall help? Disabling Java? |
Strommer (42) | ||
| 365977 | 2005-06-21 22:46:00 | Solution: Do not browse untrusted web sites while browsing trusted sites. You can also turn off Java Scripting, if you are surfing untrusted sites at the same time as trusted sites. in FireFox, Tools => Options => Web Features => Uncheck Javascript |
KiwiTT_NZ (233) | ||
| 365978 | 2005-06-21 22:56:00 | Solution: Do not browse untrusted web sites while browsing trusted sites. Does this mean that somehow browsing trusted sites opens up vulnerabilities? Not sure what you mean. BTW, I meant to post this on PF1, not chat. Mods - flick it over if needed. |
Strommer (42) | ||
| 365979 | 2005-06-21 22:57:00 | It is not a major problem. Just make sure that when going to secure sites that you type in the actual website address and don't go to it from any website links. This is a normal security precaution which everyone should already be following Successful exploitation normally requires that a user is tricked into opening a link from a malicious web site to a trusted web site. Do not browse untrusted web sites while browsing trusted sites |
Safari (3993) | ||
| 365980 | 2005-06-22 01:02:00 | A little care and attention will defeat cross-site scripting attacks. I cannot imagine myself ever entering my user name and password into a random pop-up box that appears out of context. A firewall will certainly not help, because you chose to go to that fraudulent site, and disabling javascript will kill the functionality of many useful sites, such as banking sites. What may possibly be very helpful though, is the Netcraft (www.netcraft.com) anti-phishing toolbar for IE and FF. It notes the site you are looking at, matches it to their database of dirty-tricks sites, and tells you. |
vinref (6194) | ||
| 1 | |||||