Multiple Web Browsers Affected by Clickjacking
usrbingeek | Sep 30, 2008 | 0 comments
Reports are circulating that most web browsers are vulnerable to a new cross-browser exploit technique called “Clickjacking,” warns US-CERT.
According to one of the reports, Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.
An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs by default, as outlined in the Securing Your Web Browser document, is reported to protect against the vulnerability.
US-CERT encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document to help mitigate some of the risks.
An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs by default, as outlined in the Securing Your Web Browser document, is reported to protect against the vulnerability.
US-CERT encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document to help mitigate some of the risks.
[Multiple Web Browsers Affected by Clickjacking]
Filed Under: Tech News
