ZDNet UK - Where Technology Means Business

ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

IE and Firefox hit by bug

Dawn Kawamoto CNET News.com

Published: 30 Jun 2006 10:10 BST

Two new security flaws have been discovered in Microsoft's Internet Explorer, and one could also affect Mozilla's Firefox, security experts have warned.

Code for both the vulnerabilities has been published, but there have been no reports of attacks taking advantage of the flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released on Wednesday.

The flaw that affects both IE and Firefox is related to the handling of a technology that is used to access documents delivered from one Web site to another, according to the advisory.

Attackers could exploit the IE or Firefox flaw using cross-site scripting, said Monty Ijzerman, senior manager of McAfee's Global Threat Group. That technique enables hackers to view the contents of one open browser from a second browser open on the user's system. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites showing.

"We consider this flaw less serious than the other IE flaw," Ijzerman said. "A user would have to have multiple browsers open, and the information on the site would have to be relevant to what the attacker wanted."

The second security hole is related to the way HTA applications are processed. A PC user could be tricked into double-clicking on a malicious file and remote code could be executed, Ijzerman said. An attacker could exploit the vulnerability to read files on a system or to install rootkits, which make system changes to hide another piece of possibly malicious software.

The two IE security flaws come as Microsoft releases its final beta version of IE 7, which is designed to offer more security features.

Microsoft said it is investigating the issues and has yet to hear of any attackers exploiting the reported vulnerabilities.

Mozilla was not immediately available for comment.

Did you find this article useful?
111 out of 239 people found this useful

Full Talkback thread

4 comments

The SANS site has been updated to say that Firefox... David Wright
Thx David. Arthur B.
Firefox is _NOT_ affected by this bug!!! Please... Anonymous
More disinformation from ZDNet. Please updat... Anonymous

Related Links

News Flaws in IE7 and Firefox raise alarm
News Web browser 'windows of exposure' shrink
News Exploit published for old Firefox flaw
News Mozilla patches Firefox flaw
Reviews New Year, old flaws in Windows and Internet Explorer

Most Recent
Most Popular
Most Discussed

More In Security threats

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

Mitel 3300 Field Engineer - Excellent cross training opportunities

Senior Project Manager - Banking - London -excellent package

Senior Flash/Actionscript developer:E-learning, Full life cycle- 40k

Install Flash Player Plugin

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Skip Sub Navigation Links to CNET Brand Links

About CNET Networks UK

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved