Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Firefox, IE Affected By Zero Day Flaws

According to the news by Search security on June 5, 2007, Vulnerability Researcher Michael Zalewski has come up with complete details of four fresh zero day flaws in Internet Explorer (IE) and Firefox, which could be misused to steal cookies, download malware or log keystrokes.

According to the news in Itweek on June 5, 2007, Michael Zalewski - security researcher - has highlighted two mistakes within both the browsers in a posting to the Full Disclosure mailing list.

According to the news in Search security on June 5, 2007, Zalewski wrote, the first flaw attacks IE 6 and 7. When the code of JavaScript orders IE 6/7 to direct away from a page that meets on the same realm policy (therefore can be used by the attackers) to a third party site, there is a window of opportunity for the simultaneously executed JavaScript for conducting actions with the order of the old page, but the content is for fresh and new loaded page.

According to Secunia, the security firms, this year, almost same kind of worms have affected Firefox and IE, but IE has been captured by more serious viruses than Firefox. According to a report, Mozilla claims that Firefox 2.0.0.4 and 1.5.0.12 update releases had worms that can permit the use of remote system.

As per the news by Search security on June 5, 2007, Zalewski wrote, that about a series of focus operations that could be used for surpassing delay timers marked on certain Firefox confirmation dialog, enabling the hacker to download file without the consent of the user. It also has a flaw that can lead to the exploitation of confirmation dialog.

According to the CSO online on June 5, 2007, Mozilla said that some of these problems showed the proof of corruption of memory under some situations and, moreover, some of these could be misused to run arbitrary code.

According to the news published by Search security on June 5, 2007, Zalewski added that Firefox has a JavaScript flaw and it can be used to insert deadly codes comprising of key snooping event-handlers on web pages that depend on IFRAMEs for displaying the contents, communicating with server, and loading data.

According to CSO online on June 5, 2007, last week Mozilla foundation made an announcement that it had settled several flaws in Firefox browser and viruses in the Thunderbird and SeaMonkey system.

Related article: Firefox Gets Vulnerable With JavaScript

ยป SPAMfighter News - 6/19/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next