'Clickjacking' Threat Hits Firefox and Chrome
Clickjacking is tricking a Web user into clicking on something they didn't want to, possibly on something they can't even see. It's possible to create a hidden overlay over a Web page and, within that hidden page, load up something like the login screen to MySpace. To the user the Web page might appear to be showing a game or the like that requires you to click on various objects, but in reality the user might be clicking on options in MySpace to make his or her information public or, disconcertingly, to change their password. Firefox and Chrome currently have no mechanism for preventing this kind of attack, but, surprisingly, Internet Explorer, a browser many consider to be less secure than the competition, is not susceptible to the attack.
Google has pledged to release a fix in short order, and we presume Firefox will be patched quickly as well. But, the best news is that nobody is actually aware of this sort of exploit being used in the wilds of the Internets so, for now at least, we wouldn't lose any sleep over this one. [From: CNET News]
- Microsoft Internet Explorer 8 Now Available, Still Not Quite Finished
- Internet Explorer Continues to Tumble in Market Share
- Google Chrome's Market Share Dropping Hard and Fast