http://secunia.com/advisories/11978/
Description:
A 6 year old vulnerability has been discovered in multiple browsers,
allowing malicious people to spoof the content of websites.
The problem is that the browsers don’t check if a target frame belongs to a
website containing a malicious link, which therefore doesn’t prevent one
browser window from loading content in a named frame in another window.
Successful exploitation allows a malicious website to load arbitrary content
in an arbitrary frame in another browser window owned by e.g. a trusted
site.
Secunia has constructed a test, which can be used to check if your browser
is affected by this issue:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat
Other versions may also be affected.
The vulnerability also affects Internet Explorer:
SA11966
Solution:
Do not browse untrusted sites while browsing trusted sites.
The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7