Monday, October 30, 2006

Yet another security flaw spotted in IE 7 today.

Secunia has confirmed today that a window injection vulnerability has been detected in internet explorer 7. This is now the third vulnerability that has been spotted in IE 7 the first two being the Internet Explorer 7 "mhtml:" Redirection Information Disclosure and the Popup Address Bar Spoofing Weakness. Among these two the mhtml vulnerabilty as I had mentioned in my earlier article lead to a debate between Microsoft and Secunia as Microsoft said that since the actual problem for the mhtml vulnerability lies with outlook express it cannot be attributed to Explorer 7 and Secunia saying that the vulnerability is fully exploitable via IE, which is the primary attack vector, if not the only attack vector.

Now this security flaw on IE 7 detected by Secunia and released today is termed as moderately critical where as the other two were termed as just moderate. This security flaw can be exploited by malicious people to spoof the content of websites.

According to the report a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2.

What I find really amazing about this is that this vulnerability was actually reported on 2004-12-08 by secunia for explorer 5.01, 5.5 and version 6.x So does this mean that this issue was not addressed and patched earlier by Microsoft in their earlier versions and that it has just been passed onto the version 7?

And another thing to be noticed is that this same window injection vulnerability was detected in many other browsers including firefox, Opera, Netscape etc:- in 2004. It was an issue for multiple browsers at that time. But so far I have not seen this issue mentioned by Secunia for the Firefox 2. So it makes me wonder whether Mozilla has patched this in Firefox but Microsoft simply left it out. Or may be Secunia has not yet tested this security flaw on Firefox 2. I mean if this issue which was earlier detected in 2004 has been patched in Firefox and other browsers but hasn't been patched only in Explorer then that is really something very unpleasently surprising.

We have to wait and see the Microsoft's response to this and also let us see whether this same problem exists with Firefox too.

Secunia's today's report.
Secunia's report in 2004.

UPDATE: Just after I finished this article it has been confirmed now that Fire Fox 2 is also facing the same security flaw. I was in the right direction when I mentioned that since it was a mulitple browser problem including Opera, Firefox, Netscape and Explorer originally reported in 2004 by Secunia it could mean that those browsers could be affected too. I am waiting to see what the other browsers too have to say.

You can read the latest news on Firefox too being affected by this here.