IE7 and Firefox 2.0 Share Vulnerabilities

Exploits require user interaction

By Marius Oiaga, Technology News Editor

19th of February 2007, 10:59 GMT



Internet Explorer 7 and Firefox 2.0 share a logic flaw, and the issue is broader than those two releases: the vulnerability affects Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7, as well as Firefox 1.5.0.9. Microsoft has stressed that IE7 on Windows Vista is not affected in any manner.

"In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, '.value' parameter cannot be set or changed, and any changes to .type reset the contents of the field," said Michal Zalewski, the person who discovered the IE7 flaw.

Both vulnerabilities require user interaction to be exploited: the user would have to type text into malformed areas of a web page, in either IE or Firefox. Zalewski explained that keyboard input made in unrelated locations can be selectively redirected toward input fields by the attacker.

A demonstration of the IE7 vulnerability is available, along with a similar demonstration for Firefox. "Both examples are Windows-specific, and require C:\BOOT.INI to exist and be readable by users. The attack itself is not limited to a particular operating system, but I decided to provide a demonstration for the most popular desktop OS - *nix versions that access /etc/hosts or /etc/passwd are easy to develop," Zalewski added.



© Copyright 2001-2008 Softpedia