The way browsers handle JavaScript dialog boxes may pose a security threat to an unthinking user.
Secunia, a security firm based in Denmark, has provided more information on a previously reported less-critical JavaScript issue that could be exploited by malicious web sites.
By luring viewers into visiting a mailcious site and clicking on a link to a trusted site, a criminal could take advantage of a JavaScript behavior to possibly obtain personal information. The malicious site would then deliver a dialog box to the user, who would not be able to tell just from looking at the box where it came from.
Anything the user enters in the dialog box would then be captured and delivered to the criminal running the malicious site. Secunia has provided a sample link to demonstrate the proof of concept.
The firm also says the behavior can be exploited in all browsers, even the as yet unfinished Firefox 1.0.5. And this includes users of non-Windows operating systems; the Safari browser for the Mac platform can be victimized in the same way.
But a report in The Inquirer online says the makers of the Opera browser have a fix for the JavaScript issue in their latest 8.0.1 browser. Opera released the updated browser last week.
It is recommended that users not simultaneously browse untrusted and trusted web sites at the same time. Users of tabbed browsers should take care to only have a tab open for the trusted site they wish to visit.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
