Main Area and Open Discussion > Living Room

Vuln. Alert: Browser 'Clickjacking'

(1/3) > >>

Ehtyar:
A vulnerability has been discovered that allegedly allows an attack to misrepresent the destination of a link on their website in order to lead the reader to a destination of the attackers choice. The details are thus far being withheld at the behest of Adobe.




In another event for the "internet is broken" files, two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web.

Jeremiah Grossman and Robert "RSnake" Hansen say they planned to demonstrate serious "clickjacking" vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP's AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say.

--- End quote ---

Full Story

Ehtyar.

Stoic Joker:
Anybody else get the impression that this is more of an Adobe issue, than a browser issue?

Ehtyar:
Anybody else get the impression that this is more of an Adobe issue, than a browser issue?
-Stoic Joker (September 17, 2008, 11:09 AM)
--- End quote ---
Yes indeed. Though sensationalism is getting out of hand if they're using the phrase "affecting anyone who uses a browser to surf the web" when they're actually referring to adobe reader.

Ehtyar.

app103:
Unless they are referring to flash, then it would involve both Adobe and almost every browser.

Ehtyar:
Oh doi! *headdesk*

Ehtyar.

Navigation

[0] Message Index

[#] Next page