A security researcher has uncovered four bugs in web browsers. Two of the vulnerabilities affect Mozilla's open-source Firefox browser, and two flaws have been found in IE (Internet Explorer).
Internet Explorer flaw could 'collapse' browser
The flaws were discovered by security researcher Michal Zalewski. He then posted examples of each on the Full-disclosure mailing list for browser vulnerabilities.
One of the bugs, regarded as critical, is found in Internet Explorer 6.0 and IE7. Zalewski said the flaw gave hackers a window through which they could run malicious JavaScript to hijack a PC. Zalewski also compared the Internet Explorer vulnerability to a browser 'collapsing'.
Although Firefox is not at risk from the Internet Explorer bugs, Zalewski found two other vulnerabilities, one of which was considered major. Attackers could intercept keystrokes or insert malicious content into a legitimate website due to an IFrame vulnerability in Firefox 2.0. A patch that Mozilla, the maker of Firefox, issued when the problem was uncovered last year failed to fix it.
The other two bugs found are less critical. The less-important Firefox vulnerability could enable unauthorised downloads of executable files.
A bar-spoofing flaw found in Internet Explorer 6.0 could enable hackers to mimic a site by spoofing the URL bar, page information and SSL certificates.
The bugs have been brought to Mozilla’s attention and posted on the Bugzilla website, Mozilla’s bug-tracking system.
Although Microsoft is unaware of any ongoing attacks due to the Internet Explorer flaws, the company is investigating Zalewski’s claims over the IE vulnerabilities. It may be necessary for Microsoft to issue a security advisory or provide a security update.





Comments
5 minutes said: I use Firefox, so this worries me, as I moved away from Explorer for better security, as the new 7 caused loads of problems for me. I had to do a repair on my XP Home.
The Way of the World said: If a fast food company can be sued because its hot food is er hot
Harry said: Perhaps the car analogy is a good one. It seems to me it's like Ford producing a car with windows. Windows can be opened for ventilation etc., quite properly. However, someone could throw a bomb into your car through an open window while you're driving. What you're saying is that the IT company should be castigated for making faulty cars because someone threw in a bomb that blew up your car. Cars have this defect too. Have you sued Ford, GM, Nissan, Toyota yet? Hurry. Hurry.
skuds said: Hey, we get updates for free. Perhaps if we paid for them we could complain about the speed at which they come out; otherwise, go and complain to the hackers that cause the problems in the first place.
Arthur Bridges said: It's hardly fair to compare IT companies with car manufacturers. The former are plagued by third parties trying to destroy their otherwise safe and reliable products; car manufacturers build in their products' defects and should therefore pay for their negligence. We can, however, complain that companies like MS are too slow to counter problems with their products when these are plainly pointed out to them.
Alan Bowman said: Is there no way that IT companies can be made to produce A1 products? If Ford produce a car that causes accidents, they have to recall it and compensate - why are IT companies allowed to get away with similar defects? What can we do to make them toe the line?