Web Browsers Too Have Security Exploits

All the Web browsers have some degree of vulnerability, as all of them have to work with malicious code circulating within its operating systems. Although there is some progress in closing security gaps like frequent release of patches by Mozilla and Microsoft, yet these actions are useless if the attack arm is a 'zero-day' exploit.

When it comes to vulnerabilities embedded in browsers, Web surfing is just as unsafe as driving a vehicle in a minefield with eyes covered. . Internet users are sure to fall in the grip of attackers at some time or the other. The risks of malware infection, phishing attacks and identity thefts are always high for Web surfers.

Browsers, which work by tabbing, allow users to open multiple pages on a single browser window. The pages can be brought on top of each other by tabbing back and forth. Web users who are attacked through these browsers can have serious implications. It exposes every item of information that the user enters, such as password or credit card numbers etc.

As said by Whitehat Security's Founder and CTO, Jeremiah Grossman to 'TechNewsWorld', all browsers have gaps that are susceptible to exploitation. What is important is to recognize the one, which is least susceptible to hacks.
With respect to the access to vulnerabilities, Firefox and Internet Explorer are almost same, says Shimon Gruper, 'vice president of technologies' for "Alladin eSafe Business Unit'. He explains that the only difference is that ActiveX is not used by Firefox.

Other browsers provide ways to bypass browser flaws, but don't resolve the security risk inherent in it. In fact, alternatives may set a false security alarm to some users.

Users can lower the degree of vulnerability in Internet Explorer by disabling JavaScript and Microsoft's ActiveX features. The result is, of course, limited or no visibility of some web sites.

Browser threats must be set right. For that, the industry needs to make a concerted effort to redefine operating limits for software running on a system. There should be more security in application code with well-defined restrictions and privileges.

Related article: Web 2.0 Sites Could Produce Malicious Code

» SPAMfighter News - 10/19/2006