Message-Id: <33B05B88.65FE@bell-labs.com>
Date: Tue, 24 Jun 1997 19:43:04 -0400
From: Vinod Anupam <anupam@bell-labs.com>
To: cert@cert.org, security-notes@netscape.com, secure@microsoft.com,
Subject: Browser Vulnerability
FROM: THE DATABASE SYSTEMS RESEARCH DEPARTMENT AT BELL LABS -
THE RESEARCH AND DEVELOPMENT ARM OF LUCENT TECHNOLOGIES
We have discovered a serious vulnerability in popular versions of both
Netscape Navigator/Communicator (2.*, 3.*, 4.*) as well as Microsoft
Internet Explorer (3.*). This vulnerability allows a perpetrator to use
an innocuous Web document to load a Trojan horse virus from a browser
window W into a new browser window X. For all Web documents subsequently
loaded into window W, this Trojan horse can:
- observe URLs of visited documents
- observe any data interactively filled into HTML forms
- observe values of cookies
- observe contents of password fields in forms (on Windows)
- dynamically change contents of the action URL of forms, thus enabling
the hijacking of form data (tested only on Netscape)
- observe form, password, and cookie information even from 'secure'
HTTPS-based documents. These documents are protected while data moves
over the network, but no protection is provided for the data while in
the browser, from where it can be stolen.
The Trojan horse can use HTTP, and possibly Java applets or ActiveX
scripts to send the captured information back to a desired location,
completely unbeknownst to the user.
At this time, the only known way of avoiding becoming the subject of
such an attack, till the problem is fixed by browser vendors, is to turn
off JavaScript in the security settings of the browser.
We are informing executives at Netscape, Sun Microsystems, and Microsoft
and, as appropriate, will help them fix this problem.
For further information, please contact:
Vinod Anupam                       Narain Gehani
Database Systems Research Dept.    Database Systems Research Dept.
Bell Labs                          Bell Labs
908-582-7366 (office)              908-582-4461 (office)
908-654-1619 (home)                908-273-2272 (home)
908-582-5809 (fax)                 908-582-5809 (fax)
anupam@research.bell-labs.com      nhg2@research.bell-labs.com
--
Vinod Anupam                      _  /|    email: anupam@bell-labs.com
Bell Labs, Lucent Technologies    \'O.o'   phone: (908)582-7366
700 Mountain Ave., Rm 2C-223      =(___)=  fax: (908)582-5809
Murray Hill, NJ 07974-0636           U     www: http://www-db.research.bell-labs.com/user/anupam