Browser Bug Tricks Users Into Trusting Bogus Pop-UpsBrowser Bug Tricks Users Into Trusting Bogus Pop-Ups

A European security vendor warned Wednesday that most browsers sport a bug that hackers can exploit to spoof a Web site and trick users into trusting bogus pop-up windows.

The vulnerability, which Danish security firm Secunia rated as "moderately critical" is similar to previous bugs in browsers that was disclosed in July and September of 2004. Attackers could use it to add content into a trusted Web site's window by, for instance, inserting a fake form in a pop-up window seemingly opened by that site.

Affected browsers, said Secunia, include the popular Internet Explorer and the up-and-coming Firefox, as well as third-tier alternatives like Mozilla, Opera, Apple's Safari, and the open-source Konqueror.

IE 5.01, 5.5, and 6.x are vulnerable, claimed Secunia, and the "vulnerability has been confirmed on a fully patched system with Microsoft Windows XP SP1/SP2."

While flaws in Windows XP Service Pack 2 (SP2) are rare, some have been reported since the Microsoft released the security update in October.

Secunia has posted a test that users can run on their browser to determine if it's plagued by the bug.