Tabbed Browsing Issues

Forum Moderators: open

Message Too Old, No Replies

Tabbed Browsing Issues

Clueless browser non-story of the week.

Brett_Tabke

12:36 pm on Oct 21, 2004 (gmt 0)

Tabbed browsing - which has been around since 1996 - is one of the power surfers most frequently used features. In one of the most misquided stories I've seen on both Internet.com and Secunia, the author evidently thinks that because you can't see it, there is a problem.

They show this alleged problem by causing a page to auto load in a seperate tab. This is no different that loading a page in one window, minimizing it, and then opening another window. The minimized page will continue to load too.

Authors clearly misunderstand what tabbed browsing is all about.

[internetnews.com...]

encyclo

12:56 pm on Oct 21, 2004 (gmt 0)

There were also a bunch of serious IE vulnerabilities announced this week, and this "vulnerability" was put in the same group to show that Mozilla/Firefox was equally subject to security problems as IE.

There was also the release of a script for crashing browsers which was able to crash Opera and Mozilla, but never IE. The researcher who built the script also recommends IIS as a more secure alternative to Apache (no kidding).

It'd all be a very good laugh, if there wasn't a slight hint of FUD floating in the air...

Tin-foil hat: check! :D

StupidScript

9:45 pm on Oct 21, 2004 (gmt 0)

Trying the demos with MSIE produces the same results as with the tabbed browsers: the prompt prompts and the form field gains focus.

It's just that in a non-tabbing browser you probably won't see the prompt, as it's hidden behind the active window, and the form field focus prevents you from doing anything except reloading the trick page or closing that window instance.

The page warning of the prompt "issue" is a bit misleading when the result box is titled "Result: (The text you entered on the CitiBank site.)" when in fact you did not enter any information on the CitiBank site, but rather in their prompt window.

And these "vulnerabilities" extend to ANY script-enabled tabbing browser, not just the ones they listed.

Why do I get the feeling that Secunia is owned by MS? The list of "vulnerabilities" following the "demoonstration" links are all the same text, except for the browser manufacturers and versions. Nice to get a bunch of nasty links into the search engines. (And their IE6 vulnerability demo from 8-16-04 blows, too. Wasn't that tricky? Advice to overcome: Disable ActiveX or use a different browser. LOL!)

It IS generally good advice when browsing to not leave untrusted sites open anywhere when you go to a secure site where you will be entering valuable information. So that's a good thing to mention. But the fear-mongering can take a hike.

nalin

10:34 pm on Oct 21, 2004 (gmt 0)

Within the last week I saw a study in which one of the guys down in Redmond fed purposly randomly malformed html into IE, Firefox, Safari, Links, and Lynx. He found the IE alternatives to crash more.

I thought the study was rather ridiculous - comparable to generating random assembly language and testing it on various architectures to see which you could make crash first. Anything of the sort is going to cause problems - thats why code is generally written by people rather then a room full of monkeys. While I think something is to be said of fault tolerance - I tend to prefer the browser that can handle proper compliant input without crashing to the one that can hand jibberish but elsewhere faults regularly.

Hester

9:12 am on Oct 22, 2004 (gmt 0)

You mean this page?

[securityfocus.com...]

His concern was buffer over-runs and memory problems, which would then lead to possible hacking I think. So it could be something worthy of notice.