by r0t,der4444,cembo,VietMafia

Tuesday, June 27, 2006

Multiple Browsers Information Disclosure vuln.

Multiple Browsers Information Disclosure vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
###############################################

Vuln. Description:


Multiple Browsers contains a flaw which can be exploited by malicious people to disclose potentially sensitive information.
An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

Affected browsers:

MYweb4net Browser 3.8.8.0
http://www.mybrowser.web4net.net/

GreenBrowser 3.4.0622
http://www.morequick.com/

Maxthon v1.5.6 build 42
http://www.maxthon.com/

PhaseOut 5.4.4
http://www.phaseout.net/

FineBrowser Freeware version v3.2.2
http://www.finebrowser.com/

Slim Browser 4.07 build 100
http://www.flashpeak.com/

NetCaptor 4.5.7 Personal Edition
http://www.netcaptor.com/

Enigma Browser 3.8.8
http://www.suttondesigns.com/

Fast Browser Pro 8.1
http://fastbrowser.net/

GoSuRF Browser 2.62
http://gosurfbrowser.com/?ln=en

Previous versions off those browsers also can be affected.



Tested on Windows XP/SP2 and IE 6 ( some of those browsers use IE engine to run, but offcourse not vuln. IE 6.0 was used for that tests.)


note: This advisory is based on Plebo Aesdi Nael advisory in IE.

Reff url: http://secunia.com/advisories/20825/


###############################################
Solution:
Disable Active Scripting support.
###############################################
More information @ unsecured-systems.com/forum/

1 Comments:

Anonymous Sanny told...

Fortunately, I use none of listed browsers, though Mozilla I use has flaws too=) Nothing is perfect.

9:04 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew