Tabbed Browsing – Security Risk

One of the newest and most popular additions to Web browers has been the onset of tabbed browsing, allowing multiple Web sites to be open in one browser window. It turns out that all browsers with this feature overlooked some key security concerns.

In this article at News.com, security company Secunia released this security advisory regarding the behavior of tabbed browsers, specifically Mozilla (including Firefox), Konqueror, and Opera. Though Safari wasn’t mentioned specifically, since it is based on Konqueror’s KHTML engine, the problem is likely present in Safari as well. Only Internet Explorer plugins supporting tabbed browsing are affected.

This security flaw allows a Web site in one tab to access information on a Web site in another tab, also allowing a site to pop up a dialog that appears to originate from a different tab. The latest version of Konqueror, released yesterday, fixes the problem. The Mozilla Foundation has promised that this flaw will be fixed before the final 1.0 release of Firefox. There is no news on when this flaw will be fixed in Opera.

Comments

  1. Keith

    Wow, that&#039s disappointing - particularly because I opened the articles in another tab. I really hope they get that flaw worked out - it&#039s one of my favorite features in Firefox and Safari - I use it all the time.

  2. Nicholas C. Zakas

    Yeah, I was really surprised that all of the browsers could overlook such an obvious security issue.

Understanding JavaScript Promises E-book Cover

Demystify JavaScript promises with the e-book that explains not just concepts, but also real-world uses of promises.

Download the Free E-book!

The community edition of Understanding JavaScript Promises is a free download that arrives in minutes.