
Tools and Traps…
Feature or Flaw?
Secunia, a vulnerability-monitoring company, published a demonstration of
what it decided was a vulnerabilityin the browser (http://secunia.com/mul-
tiple_browsers_dialog_origin_vulnerability_test) due to the fact that an
untrusted user can display an external popup dialog box in front of a trusted
site that does not belong to the site. This is not exactly a new issue, since the
idea of DHTML is to enable powerful features, including window focus con-
trol. These types of techniques are used on pornographic ad sites to trick
users to click through to their sites and essentially “drive” the browser for the
user. The problem ...