Platinax Internet >> Platinax Internet News

Platinax Internet News Internet and business news for the UK online

« Pension funds need big bluechip rise | Main | Consumer Electronics Show: Fun in the rain at Las Vegas »

January 08, 2005

Secunia unveils browser flaws: IE & Mozilla Firefox affected

Security company Secunia reported on serious flaws in both Internet Explorer and Mozilla Firefox could leave users vulnerable to hacking attacks.

Secunia updated it advisory Microsoft Internet Explorer Multiple Vulnerabilities to "extremely critical" after exploit code for one of three reported vulnerabilities was posted on the internet.

According to the CNet report IE flaw threat hits the roof:

Exploit code for one of the vulnerabilities, a flaw in an HTML Help control, was published on the Internet on Dec. 21 in an advisory by GreyHats Security Group.

"In order for us to rate a vulnerability as extremely critical, there has to be a working exploit out there and one that doesn't require user interaction," Kristensen said. "This is our highest rating and is the last warning for users to fix their systems."

The exploit code can be used to attack computers running Windows XP even if Microsoft's Service Pack 2 patch has been installed, Secunia said. The company is advising people to disable IE's Active X support as a preventative measure, until Microsoft develops a patch for the problem.

However, new vulnerabilities have also been reported in the increasingly popular Mozilla Firefox browser, as in Firefox flaw raises phishing fears:

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, could allow hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

However, as pointed out, users would have to click a link in an e-mail to a phishing site, and then download the malicious code for the exploit to work - and while Internet Explorer remains the phishing favourite due to its market share in the browser market, the warning on the Firefox exploit is not rated so severe as the Internet Exploror 6 warning above.

Microsoft has already announced that 3 "critical" security patches will be released next week for Windows, but have yet to comment on whether these patches will address the vulnerabilities in Internet Explorer.

Posted by at January 8, 2005 03:54 PM

> Discuss this in the Platinax Internet business forums

---

March 2005

S	M	T	W	T	F	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

News Archives:

• Apple
• Ask Jeeves
• Browsers
• Firefox
• Business
• Companies
• Employment
• Legal
• E-commerce
• Economy
• Finance Markets
• Housing Market
• Interest rates
• General
• Google
• Google Adwords & AdSense
• Google Desktop search
• Google Sandbox
• Google educational
• Google legal
• Google metrics
• Google miscellaneous
• Google security issues
• Google web search
• Google: company & staff
• Google: financial
• IBM
• Internet
• Internet TV
• Marketing
• PPC
• Microsoft
• Mobile devices
• Programming
• Linux
• Sun
• Unix
• Search Engines
• Security
• Phishing
• Technology
• Open Source
• Web Development
• Webhosting
• Webmaster
• Yahoo!