NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0199 Browser Bugs Disclosed in Firefox and IE7:


Security researchers have warned of new vulnerabilities in Mozilla's Firefox and Microsoft's Internet Explorer. Security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers that could allow attackers to overwrite the URL bar or steal user data and remotely download and execute code.

The most serious of the Internet Explorer (IE) flaws could allow an attacker to steal cookie files, inject malicious code into web pages and steal sensitive information, according to Zalewski. The second flaw, which only affects IE6 and is said to pose less of a risk, could allow an attacker to spoof Internet Explorer's URL bar and possibly disguise a phishing or scam site as a trusted web site.

Zalewski said that the more important of the two Firefox flaws could allow an attacker to inject malicious JavaScript code to log keystrokes. This vulnerability was confirmed to be a variant of a previously reported flaw on Mozilla's Bugzilla reporting service. The second reported vulnerability takes advantage of the way Firefox handles confirmation dialog boxes and could allow an attacker to download and execute software without the user's knowledge.

(www.vnunet.com 05JUN07)



Last Modified: Tuesday, 12-Jun-2007 19:08:47 EDT