Security testing
Scanit offers penetration tests, vulnerability assessments and web application audits.
Learn ethical hacking.
Scanit offers 5-day training on ethical hacking.

Internet Explorer bait & switch race condition (CVE-2007-3091)

Description

A race condition has been discovered in Internet Explorer's JavaScript engine. When JavaScript code changes the location of a window from the one in the same domain as JavaScript code to a one in a different domain, there is a short time frame when scripts in the first domain can access the data in the second domain, violating same origin policy.

It has been reported that Safari browser is also vulnerable to this problem.

This is a cross-domain scripting vulnerability. It can can allow a malicious web site to access your data on other web sites. For example, it can be used to read your mail from a web mail system.

Recommendations

There is no official patch available for this problem yet. As a workaround you can disable JavaScript (Active Scripting) in your browser.

References