icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Netscape < 7.2 Cross-domain Window Injection

Low

Synopsis

The remote browser allows attackers to spoof popup windows.

Description

The remote host is using the Netscape 7 web browser. There is a flaw in this version of Netscape browser that allows an attacker to spoof popup windows from trusted hosts. An attacker exploiting this flaw would need to be able to entice a user to browse a malicious website while browsing a trusted site in another browser window. These sort of attacks are commonly referred to as 'Phishing' attacks.

Solution

Upgrade to Netscape 7.2 or higher.