 Current issue
 Forum & Community
 OneKit's Software
 Submit software
|
links
about / contact us
|
|
|||
|
||||
|
home
links
about / contact us
|
||||
| Games | Graphics & Design | MP3 & Audio | Internet & Networks | System & Utilities | Home & Education | Business | WebDev | SoftDev |
| Reviews & Articles :: IE and Firefox hit by bug | ||||||||
| Issue: July 2006 > Internet & Networks > Article "IE and Firefox hit by bug" | |||
|
|||
 |
|||
Newly discovered security flaws affect the two most popular Internet browsers
Two new security flaws have been discovered in Microsoft's Internet Explorer, and one could also affect Mozilla's Firefox, security experts have warned. Code for both the vulnerabilities has been published, but there have been no reports of attacks taking advantage of the flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released on Wednesday. The flaw that affects both IE and Firefox is related to the handling of a technology that is used to access documents delivered from one Web site to another, according to the advisory. Attackers could exploit the IE or Firefox flaw using cross-site scripting, said Monty Ijzerman, senior manager of McAfee's Global Threat Group. That technique enables hackers to view the contents of one open browser from a second browser open on the user's system. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites showing. "We consider this flaw less serious than the other IE flaw," Ijzerman said. "A user would have to have multiple browsers open, and the information on the site would have to be relevant to what the attacker wanted." The second security hole is related to the way HTA applications are processed. A PC user could be tricked into double-clicking on a malicious file and remote code could be executed, Ijzerman said. An attacker could exploit the vulnerability to read files on a system or to install rootkits, which make system changes to hide another piece of possibly malicious software. The two IE security flaws come as Microsoft releases its final beta version of IE 7, which is designed to offer more security features. Microsoft said it is investigating the issues and has yet to hear of any attackers exploiting the reported vulnerabilities. Mozilla was not immediately available for comment. Related Links:
July 1, 2006
Author: Dawn Kawamoto |
|
|
Copyright 2003-2008 - Software Magazine, onekit.com, Legal Notices
You can help improve OneKIT and boomerang will come back.
|
|||||
|
|||||
| Sponsored links: Shareware downloads | Hard Drive Recovery | Firevector |
IE and Firefox hit by bug
