[Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Michal Zalewski
lcamtuf at dione.ids.pl
Sun Feb 11 20:54:40 GMT 2007
On Sun, 11 Feb 2007, Michal Zalewski wrote:
> This was tested with 2.0.0.1. Opera is most likely not vulnerable;
> Microsoft Internet Explorer is not vulnerable as-is, but might be
> vulnerable to a variant of the attack.
And indeed - here's a MSIE 7.0 demo:
http://lcamtuf.coredump.cx/focusbug/ieversion.html
Somewhat less pretty and straightforward, but equally sad.
/mz
Full-Disclosure is hosted and sponsored by Secunia.