Firefox, IE Affected By Zero Day Flaws

According to the news by Search security on June 5, 2007, Vulnerability Researcher Michael Zalewski has come up with complete details of four fresh zero day flaws in Internet Explorer (IE) and Firefox, which could be misused to steal cookies, download malware or log keystrokes.

According to the news in Itweek on June 5, 2007, Michael Zalewski - security researcher - has highlighted two mistakes within both the browsers in a posting to the Full Disclosure mailing list.

According to the news in Search security on June 5, 2007, Zalewski wrote, the first flaw attacks IE 6 and 7. When the code of JavaScript orders IE 6/7 to direct away from a page that meets on the same realm policy (therefore can be used by the attackers) to a third party site, there is a window of opportunity for the simultaneously executed JavaScript for conducting actions with the order of the old page, but the content is for fresh and new loaded page.

According to Secunia, the security firms, this year, almost same kind of worms have affected Firefox and IE, but IE has been captured by more serious viruses than Firefox. According to a report, Mozilla claims that Firefox 2.0.0.4 and 1.5.0.12 update releases had worms that can permit the use of remote system.

As per the news by Search security on June 5, 2007, Zalewski wrote, that about a series of focus operations that could be used for surpassing delay timers marked on certain Firefox confirmation dialog, enabling the hacker to download file without the consent of the user. It also has a flaw that can lead to the exploitation of confirmation dialog.

According to the CSO online on June 5, 2007, Mozilla said that some of these problems showed the proof of corruption of memory under some situations and, moreover, some of these could be misused to run arbitrary code.

According to the news published by Search security on June 5, 2007, Zalewski added that Firefox has a JavaScript flaw and it can be used to insert deadly codes comprising of key snooping event-handlers on web pages that depend on IFRAMEs for displaying the contents, communicating with server, and loading data.

According to CSO online on June 5, 2007, last week Mozilla foundation made an announcement that it had settled several flaws in Firefox browser and viruses in the Thunderbird and SeaMonkey system.

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 6/19/2007