Hot on the heels of my last post comes news of another major flaw in fully patched versions of IE6 and IE7, as well as an equally severe glitch in Firefox.

...a JavaScript flaw in fully patched IE 6 and 7... can allow an attacker to fiddle with a document's Document Object Model—a model for representing HTML or XML and related formats.

The result can be cookie stealing or cookie resetting, browser crash, page hijacking, code injection or memory corruption.

The Firefox flaw is also in JavaScript:

[It] can lead to interception of keystrokes and content spoofing, among other things. Mozilla said that the flaw allows attackers to display "offensive, misleading or dangerous contents on trusted sites" or to spoof login prompts. An attacker can also track user behavior, such as timing when a victim arrived and departed at a site...


Full details here, along with demos.

