Tabbed Browsing – Security Risk
One of the newest and most popular additions to Web browers has been the onset of tabbed browsing, allowing multiple Web sites to be open in one browser window. It turns out that all browsers with this feature overlooked some key security concerns.
In this article at News.com, security company Secunia released this security advisory regarding the behavior of tabbed browsers, specifically Mozilla (including Firefox), Konqueror, and Opera. Though Safari wasn’t mentioned specifically, since it is based on Konqueror’s KHTML engine, the problem is likely present in Safari as well. Only Internet Explorer plugins supporting tabbed browsing are affected.
This security flaw allows a Web site in one tab to access information on a Web site in another tab, also allowing a site to pop up a dialog that appears to originate from a different tab. The latest version of Konqueror, released yesterday, fixes the problem. The Mozilla Foundation has promised that this flaw will be fixed before the final 1.0 release of Firefox. There is no news on when this flaw will be fixed in Opera.
Disclaimer: Any viewpoints and opinions expressed in this article are those of Nicholas C. Zakas and do not, in any way, reflect those of my employer, my colleagues, Wrox Publishing, O'Reilly Publishing, or anyone else. I speak only for myself, not for them.