Internet Explorer

New Breed of Threats Cooking for IE8 and Firefox 3.0

Claims Sophos

By Marius Oiaga, Technology News Editor

24th of March 2008, 17:56 GMT

Adjust text size:

The next versions of the open source Firefox and the proprietary Internet Explorer browsers are set to bring to the table support for new web standards, with part of the focus being grabbed by HTML 5. Both Internet Explorer 8 and Firefox 3.0 will be designed to play well with HTML 5, and in this context, security company Sophos warned that users would become exposed to new risks. This because the new features, introduced by HTML 5

and supported by IE8 and Firefox 3.0, will signal the start of a new breed of threats that will be tailored on the next iterations of the two browsers. Sophos pointed out that the provision for client-side storage will appeal to attackers in particular.

"Historically something of a bugbear, data storage on the client gets some attention in HTML 5. Simple, structured data can now be stored using sessionStorage and localStorage attributes. Only pages from the same origin, in the same window can access sessionStorage data, whereas localStorage data is designed to be accessed across windows, and between sessions (with the same. For those interested in user-tracking, these new storage attributes are attractive. The specification does include a discussion of steps browsers could take in order to help prevent user-tracking, but it is likely we will see targeted marketing taking advantage of this feature," revealed Fraser Howard, Sophos principal virus researcher.

Howard did in fact pinpoint client-side data storage as a very appealing target for the new attacks that will follow the availability of Internet Explorer 8 and Firefox 3.0. Sophos predicts that HTML 5 will bring to the table client-side SQL injection attacks, because of the SQL database local data storage capabilities. Firefox 3.0 is expected to drop by mid 2008. The release date for IE8 was not announced, but Beta 2 is also planned for the summer of this year.

"Increased provision for client-side storage is likely to have a large impact upon web applications that we use (in particular facilitating their offline use). However, the technologies may in turn significantly broaden the scope for attackers. As ever, users will be reliant upon the browsers to implement the specifications correctly, consistently and with security in mind. One thing is for sure, the attackers will already be investing energy into how some of the new features could be exploited," Howard added.

Download Firefox 3.0 Beta 4 / 2.0.0.12 from here and IE8 Beta 1 from here.

TAGS:

IE8 | Internet Explorer 8 | Beta 1 | Firefox 3.0 | Beta 4

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

No user comments yet.

Be the first to express your opinion using the form below!

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved. Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive

NEWS CATEGORIES: