Spoofed Flaws in the Web Browsers
As per the news by heise-security.co.in July 16, 2007, security expert, Michael Zalewski, said that new flaws have been found in IE and Firefox. Further, the hackers can misuse these holes through URL spoofing. Konqueror and Opera are reported to have such flaws.
Senior director of market strategy at Patchlink, Paul Zimski, said that Mozilla is still working on the problem and meanwhile, companies should adopt a constructive approach to lower the amount of risk by suggesting the users to visit only trusted sites, as published by Vnunet.com on July 13, 2007.
Through Fire fox, web pages can use content in browser cache through URIs. Though the access to this browser is strictly prohibited, various ways have already been introduced to surpass it.
As per the news by Vnunet.com, Zimski said that companies should tackle the active scripting inside the Java Browser in order to restrict the visit of users to exploited sites. He added that there are exactly three patches that the administrators of IT have to settle down, but the companies should categorize and deploy the flaw immediately for this exploit when it is released.
Both Konqueror and Opera have some flaws which can be used to view arbitrary material through specially crafted URLs. This problem can arise when handling "data" URLs, which, in turn, can be used by hackers to spoof the URL by fooling a user into clicking on a specially designed link. Further, Opera's weakness results in exploited harmful websites and enables to conduct phishing and spoofing attacks.
Robert Swiecki, security researcher, has disclosed a vulnerability in these browsers, which comes into the form while depicting data: URIs. It allows the web pages to slot in content like images directly into HTML code. The bugs activated as soon as address line is shown while such web pages are processed may cause the concerned browsers to reveal the last characters of address. The URI are padded with whitespaces to make it appear more genuine.
Related article: September Suffers Sky-high Phishing & Virus Attacks
» SPAMfighter News - 27-07-2007