Firefox and IE Zero Days
Michal Zalewski has reported several browser bugs worth alerting on
The information was posted to the Full-Disclosure mailing list and has been reported on in Computer World:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023043
Thanks to several readers that made sure we took note.
Here is a brief summary of his report. Please refer to Full-Disclosure for more details:
1) Title : MSIE page update race condition (CRITICAL)
Impact : cookie stealing / setting, page hijacking, memory corruption
Affected : MSIE6 and MSIE7
2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Affected : Firefox 2.0
3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Affected : Firefox v?.?
3) Title : MSIE6 URL bar spoofing (MEDIUM)
Impact : mimicking an arbitrary site, possibly including SSL data
Affected : MSIE6
Source:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html
The information was posted to the Full-Disclosure mailing list and has been reported on in Computer World:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023043
Thanks to several readers that made sure we took note.
Here is a brief summary of his report. Please refer to Full-Disclosure for more details:
1) Title : MSIE page update race condition (CRITICAL)
Impact : cookie stealing / setting, page hijacking, memory corruption
Affected : MSIE6 and MSIE7
2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Affected : Firefox 2.0
3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Affected : Firefox v?.?
3) Title : MSIE6 URL bar spoofing (MEDIUM)
Impact : mimicking an arbitrary site, possibly including SSL data
Affected : MSIE6
Source:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html
Keywords:
0 comment(s)
×
Diary Archives
Comments