Date: Thu, 18 Feb 1999 10:36:49 PST
From: Robert Thomas 
To: BUGTRAQ@netspace.org
Subject: Re: Netscape Communicator window spoofing bug

-Junk deleted-

This was reported back in the November, December time frame by
secureexperts.com as a frame spoof bug.  MS came up with a lame patch
for IE (that didn't work for all cases BTW).  The solution to this was
provided to a US Government Agency by a contractor.  The agency has a
high public trust and visibility and this was a concern.  Any questions
can be addressed to krawls@erols.com.  The consultant came up with the
following:

On the page being called up in the window i.e. the page
to be protected should contain the following (frames or not):






In the framed page add the onUnload command:

    Source: geocities.com/dharan6/library/hack99

               ( geocities.com/dharan6/library)                   ( geocities.com/dharan6)