The affected software includes versions of Mozilla, Mozilla Firefox, Netscape, Opera, Konqueror, Camino, Avant Browser, and Maxthon. Internet Explorer is not affected.
Secunia describes the two discovered vulnerabilities as "Vulnerability A" and "Vulnerability B". In Vulnerability "A", Secunia reports that "It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript "Prompt" box or the "Download dialog" box, even if the user is browsing/viewing a completely different web site in another tab." According to Secunia researchers, this could lead unsuspected users to react as if the spawned dialog came from the site they were currently viewing, causing them to take action they may not otherwise have taken.
In Vulnerability "B", Secunia researchers report that, "It is possible for a inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab." This could potentially cause sensitive form data to be sent to a non-trusted site or to a site other than the intended site.
Secunia has provided demonstrations of both exploits:
To avoid either vulnerability, Secunia recommends users either disable Javascript or avoid visiting untrusted and trusted websites at the same time.
