|
|
Video Games & Electronics Whether your system is PC, PS3, Wii, or X-Box 360 we have your online discussion here. Also discuss today's latest gizmos and gadgets like cell phones, mp3 players, and more. |
|
| Welcome to the Wrestling Clique Wrestling Forums. |
![]() | ![]() |
![]() |
|
| | LinkBack | Thread Tools | Display Modes |
| | #1 (permalink) | |
|
Super Moderator
Rock out wit cha Knockout
Status:
Online
Join Date: Feb 2006 Location: Dublin, Ireland
Posts: 8,420
vBookie Cash: 300000
Rep Power: 44 ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | IE/Firefox bugs found A noted security researcher disclosed four new zero-day vulnerabilities in Microsoft and Mozilla's browsers, including a critical flaw in Internet Explorer (IE) and a major bug in Firefox. Michael Zalewski, who regularly publishes browser flaw findings, posted details on the Full-disclosure mailing list for cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing bugs. The most serious of the four, said Zalewski, is an IE6 and IE7 flaw he rated "critical." Dubbing it a "bait-and-switch" vulnerability, he said that the Microsoft browser gives hackers a window of opportunity to run malicious Javascript to hijack the PC. "The entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks," Zalewski claimed in notes that accompanied a demonstration of the IE bug. Up-to-date IE6 and IE7 are both at risk, he said, although Firefox is not. But Mozilla's browser also suffered at Zalewski's hands. A new IFrame vulnerability in Firefox 2.0 can let attackers plant keyloggers or drop malicious content into a legitimate web site. The flaw, rated as "major," is related to a similar bug discovered last year; although Mozilla patched that problem, Zalewski said the fix hadn't plugged all the holes. Zalewski posted information about two other bugs, both rated "medium." A Firefox vulnerability could lead to unauthorised downloads, while IE6 is open to yet another address bar-spoofing flaw. "IE7 is not affected because of certain high-level changes in the browser," Zalewski said of the fourth vulnerability. Mozilla is aware of both Firefox bugs — they have been posted to its Bugzilla management system — and a Microsoft spokeswoman said the company's security team is looking into Zalewski's claims. "Upon completion of this investigation, Microsoft will take the appropriate action, which may include issuing a security advisory or providing a security update," she added. Microsoft also said it knows of no ongoing attacks using the vulnerabilities. So much for Firefox being invincable like so many claim it to be. | |
![]() ![]() | ||
|
| | #2 (permalink) | |
|
Founder/Admin
Yeah, That Simone
Status: Offline
Join Date: May 2003 Location: City of Champions
Posts: 19,912
vBookie Cash: 114666
Rep Power: 71 ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() gXboxLive Leaderboard: 37th | Re: IE/Firefox bugs found Thanks for posting this. IE7 is the biggest pile of shit (except some features which are nice) but overall its functionality blows my left nut | |
| | ||
|
| | #3 (permalink) | |
|
Administrator
I Ain't Got Time to Bleed
Status:
Online
Join Date: Nov 2004 Location: Washington State
Posts: 14,872
vBookie Cash: 999
Rep Power: 49 ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() gXboxLive Leaderboard: 15th | Re: IE/Firefox bugs found | |
| | ||
|