Information Security News
mailing list archives
Old bugs blight shiny new browsers
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 31 Oct 2006 00:20:03 -0600 (CST)
http://www.theregister.co.uk/2006/10/30/ie_firefox_vulns/
By John Leyden
30th October 2006
An old security bug provides a way to crash Firefox 2.0, security
researchers have discovered. The memory corruption vulnerability
involving the handling of JavaScript code has been known about since
June 2006 and Firefox version 1.5.0.7 was supposed to fix the problem.

Despite this, Firefox 2.0 remains vulnerable to this issue. Due to code
reuse, other Mozilla products are also likely to be affected, a posting
on Bugtraq warns. The flaw might be used to inject hostile code into
vulnerable systems, but so far nothing more dangerous than an ability to
crash the browser has been demonstrated.

In other browser security news, security notification firm Secunia has
published details of another bug involving IE7. In default
configuration, IE7 is vulnerable to a Window Injection vulnerability
that previously hit IE6.

The flaw means it's possible for a malicious website to inject new
content into a popup window that has been opened by a trusted site,
which makes the flaw potentially useful in phishing attacks.

"In IE7 this is mitigated by the address bar always being visible.
However, if this is combined with the IE7 'Popup Address Bar Spoofing
Weakness' issue from last week, the attack would be very convincing,"
Secunia CTO Thomas Kristensen said.