|
Michal Zalewski has reported several browser bugs worth alerting on
The information was posted to the Full-Disclosure mailing list and has been reported on in Computer World: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023043 Thanks to several readers that made sure we took note. Here is a brief summary of his report. Please refer to Full-Disclosure for more details: 1) Title : MSIE page update race condition (CRITICAL) Impact : cookie stealing / setting, page hijacking, memory corruption Affected : MSIE6 and MSIE7 2) Title : Firefox Cross-site IFRAME hijacking (MAJOR) Impact : keyboard snooping, content spoofing, etc Affected : Firefox 2.0 3) Title : Firefox file prompt delay bypass (MEDIUM) Impact : non-consentual download or execution of files Affected : Firefox v?.? 3) Title : MSIE6 URL bar spoofing (MEDIUM) Impact : mimicking an arbitrary site, possibly including SSL data Affected : MSIE6 Source: http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html |
Robert 49 Posts |
| Subscribe |
Jun 4th 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
