New vulnerabilities in Firefox and IE

Published at June 4, 2007   Filed Under Software    
, ,

Security researcher Michal Zalewski has posted four new vulnerabilities to the Full Disclosure mailing list. Out of these four, two will effect IE and two will effect Firefox. Out of the critical one is MSIE page update race condition and the next one is Firefox Cross-site IFRAME hijacking

MSIE page update race condition (CRITICAL)
“When Javascript code instructs MSIE6/7 to navigate away from a page that meets same-domain origin policy to an unrelated third-party site, there is a window of opportunity for concurrently executed Javascript to perform actions with the permissions for the old page. ()

Firefox Cross-site IFRAME hijacking (MAJOR)

Javascript can be used to inject malicious code, including key-snooping event handlers, on pages that rely on IFRAMEs to display contents or store state data / communicate with the server. (demo)

The other two are Firefox file prompt delay bypass MSIE6 URL bar spoofing.

Found via

feedIf you're new here, you may want to subscribe to my RSS feed or Email alerts. Thanks for visiting!

If you liked this post, feel free to subscribe to my RSS feed

You may also like to read...

Leave a Reply





« Apple iPhone launches on June 29th Make Money Online with Triond »