Tweet
By good news, I actually of course mean very bad news. Researchers are raising alert of a new browser exploit that's being touted as "very, freaking scary." This article was posted earlier today on ZDNet.com. Worth a read as it affects almost all major browsers being used.
Clickjacking: Researchers raise alert for scary new cross-browser exploit
Later, ZDNet.com posted an update with an email from NoScript creator, Giorgio Maone, who had this to say:
Firefox + NoScript vs Clickjacking
So essentially, while it will affect any default installation of FF, using NoScript (like you should be anyway) seems to block the issue anyway. Those using not firefox, good luck I guess.
______________________________
Wow. Apparently no one really cares about this shit other than me.
Confused.
Clickjacking: Researchers raise alert for scary new cross-browser exploit
Later, ZDNet.com posted an update with an email from NoScript creator, Giorgio Maone, who had this to say:
Hi Ryan, I’ve seen a lot of speculation and confusion in the comments to your Clickjacking article about NoScript not being able to mitigate [the issue].
I had access to detailed information about how this attack works and I can tell you the following:
Giorgio
I had access to detailed information about how this attack works and I can tell you the following:
- It’s really scary
- NoScript in its default configuration can defeat most of the possible attack scenarios (i.e. the most practical, effective and dangerous) — see this comment by Jeremiah Grossman himself.
- For 100% protection by NoScript, you need to check the “Plugins|Forbid <IFRAME>†option.
Giorgio
So essentially, while it will affect any default installation of FF, using NoScript (like you should be anyway) seems to block the issue anyway. Those using not firefox, good luck I guess.
______________________________
Wow. Apparently no one really cares about this shit other than me.
Confused.
Comment