Advertisement
Promo

Security threats Toolkit

IE and Firefox hit by bug

Dawn Kawamoto CNET News

Published: 30 Jun 2006 10:10 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Two new security flaws have been discovered in Microsoft's Internet Explorer, and one could also affect Mozilla's Firefox, security experts have warned.

Code for both the vulnerabilities has been published, but there have been no reports of attacks taking advantage of the flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released on Wednesday.

The flaw that affects both IE and Firefox is related to the handling of a technology that is used to access documents delivered from one Web site to another, according to the advisory.

Attackers could exploit the IE or Firefox flaw using cross-site scripting, said Monty Ijzerman, senior manager of McAfee's Global Threat Group. That technique enables hackers to view the contents of one open browser from a second browser open on the user's system. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites showing.

"We consider this flaw less serious than the other IE flaw," Ijzerman said. "A user would have to have multiple browsers open, and the information on the site would have to be relevant to what the attacker wanted."

The second security hole is related to the way HTA applications are processed. A PC user could be tricked into double-clicking on a malicious file and remote code could be executed, Ijzerman said. An attacker could exploit the vulnerability to read files on a system or to install rootkits, which make system changes to hide another piece of possibly malicious software.

The two IE security flaws come as Microsoft releases its final beta version of IE 7, which is designed to offer more security features.

Microsoft said it is investigating the issues and has yet to hear of any attackers exploiting the reported vulnerabilities.

Mozilla was not immediately available for comment.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
113 out of 241 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

4 comments

  1. The SANS site has been updated to say that Firefox... David Wright
  2. Thx David. Arthur B.
  3. Firefox is _NOT_ affected by this bug!!! Please... Anonymous
  4. More disinformation from ZDNet. Please updat... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:









Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters