Drive-by cache, drive-by download: we have seen many vulnerabilities in the past that affect modern browsers and can create havoc for users. According to Mr Michal Zalewski, a security researcher working at Google, a serious vulnerability was found in the browser giants Firefox, IE and Chrome. Attackers could take advantage of a widely supported feature that allows a document loaded in one instance of a Web browser to point other active browser windows to arbitrary URLs. The feature also allows a malicious Web page to push a download to a target window that is open to another domain, using the widely supported Content-Disposition: attachment header. He explains how most popular browsers do a poor job of indicating to users that the download does not come from the domain they have browsed to, if they inform them at all.
Misuse of that feature could support sophisticated Web-based attacks in which rogue downloads are seemingly launched from legitimate sites. He has also drafted a proof-of-concept attack in which a button on one Web page seems to launch a download of an Adobe Flash Player update from the official Flash Player download site. In fact, the download is a fake pushed by Mr Zalewski, not by Adobe. He added that the problem also poses an interesting challenge to sites that frame gadgets, games, or advertisements from third-party sources; even HTML5 sandboxed frames permit the initiation of rogue downloads.
After being notified, Microsoft, Google and the Mozilla Foundation have all acknowledged the hole. Google plans a fix for it, but hasn’t indicated when it might be available. Microsoft said that it will not address the issue with a security patch for current versions of IE, which suggests that it may address it as a feature in forthcoming IE releases. The Mozilla Foundation hasn’t announced any plan to fix the issue. The issue seems to be critical and should be fixed soon to keep it from feeding the growing number of cybercrime scenarios. The researcher has described the issue in a blog post.