Pop-up Vulnerability in Browsers - Opera 8.01 Has Fix *

Secunia Research has discovered a vulnerability in various browsers which can be exploited by malicious web sites to spoof dialog boxes. Opera claims that its 8.01 browser, released last week, includes a fix - but, when I tried, that too failed* Secunia’s online test.

*Update
Although the pop-up window appears in the Opera browser, the 8.01 version displays the origin of the pop-up dialog - that makes Opera 8.01 the only of major browser not affected by the vulnerability. Thanks to Daniel Goldman ( OperaWatch.blogspot.com ) for the heads-up.

The problem, which reportedly affects Opera, Safari, Mozilla, Firefox, and both Windows and Mac versions of Internet Explorer, is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open, e.g. a prompt dialog box, that appears to be from a trusted site.

Inquirer - While other browsers still have the problem, an Opera spokesman said that its version 8.01, released last week, includes a fix for this probbo. Secunia apparently only made its advisory public after a fixed Opera browser was available. Obviously it didn’t wait for Firefox, IE or Safari to get their collective acts together.

Secunia’s advice is to not browse untrusted web sites while browsing trusted sites.