We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Critical bugs found in Firefox and IE

Internet Explorer flaw could 'collapse' browser

A security researcher has uncovered four bugs in web browsers. Two of the vulnerabilities affect Mozilla's open-source Firefox browser, and two flaws have been found in IE (Internet Explorer). Update: Microsoft fixes four critical Windows flaws

The flaws were discovered by security researcher Michael Zalewski. He then posted examples of each on the Full-disclosure mailing list for browser vulnerabilities.

More: Mozilla confused over Firefox flaws

One of the bugs regarded as critical is found in Internet Explorer 6.0 and IE7. Zawelski said the flaw gave hackers a window through which they could run malicious JavaScript to hijack a PC. Zawelski also compared the Internet Explorer vulnerability to a browser 'collapsing'.

Although Firefox is not at risk from the Internet Explorer bugs, Zawelski found two other vulnerabilities, one of which was considered major. Attackers could intercept keystrokes or insert malicious content into a legitimate website due to an IFrame vulnerability in Firefox 2.0. A patch Firefox manufacturer Mozilla issued had been unsuccessful in solving this Firefox problem when it was uncovered last year.

The other two bugs found are less critical. The less-important Firefox vulnerability could enable unauthorised downloads of execution files.

A bar-spoofing flaw found in Internet Explorer 6.0 could enable hackers to mimic a site by spoofing the URL bar, page information and SSL certificates.

The bugs have been brought to Mozilla’s attention and been posted on the Bugzilla website, Mozilla’s bug-tracking system.

Although Microsoft is unaware of any ongoing attacks due to the Internet Explorer flaws, the company is investigating Zalewski’s claims over the IE vulnerabilities. It may be necessary for Microsoft to issue a security advisor or provide a security update.

See also Firefox and Google combine to block malware

Get the latest PC security news, reviews and downloads here

IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...