Microsoft Rocked by New IE Zero-Day Flaw Warning
Posted by Daniel Fleshbourne on 26 April 2006 - 09:27 · 9 comments & 10665 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
#1 Posted by b0m8er on 26 Apr 2006 - 09:38
- What IE is affected? 6 SP2?
I hope IE7 beta 2 is fine..
-
(4 replies)
#2 Posted by carpediem on 26 Apr 2006 - 10:00
- Firefox also got one
http://www.securident.com/vuln/ff.txt -
#2.1 Posted by mrbester on 26 Apr 2006 - 12:14
- Big difference being that the Mozilla dev will most likely sort it out in a few days, maybe less if it is a critical security problem, whereas Microsoft (as stated in the linked article) will do the usual round-the-houses fob-off until patch day next month. If then.
-
#2.2 Posted by markjensen on 26 Apr 2006 - 13:48
- "http://www.securident.com/vuln/ffdos.htm"
The Proof of Concept explit link didn't do anything for me. Just opened a browswer to a page with a blank scrollable area, and a small-ish text box beneath it.
How old is that link, anyhow? -
#2.3 Posted by Ned on 26 Apr 2006 - 15:29
- It worked for me using 1.5.0.2
edit - hmm, it's fixed in the latest 1.5.0.3 build....
Of course, that build won't be officially released until when now?
Last edited by Ned on 26 Apr 2006 - 15:37 -
#2.4 Posted by pandr on 27 Apr 2006 - 11:23
- There are 2 high critical flaws in Firefox 1.5.0.2:
this: http://www.securident.com/vuln/ff.txt
Result: Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.
and this: https://bugzilla.mozilla.org/show_bug.cgi?id=334341
Mozilla Firefox 1.5.0.2 allows user-complicit remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a ,wma file to launch Windows Media Player, or by referencing an "alternate web page."
-
#3 Posted by mircleman on 26 Apr 2006 - 12:00
- god microsoft scrambling AGAIN and people still defend them whens enough , enough.
-
#4 Posted by Mohsin Naqi on 26 Apr 2006 - 14:31
- Hole in an a$$.. what's the big deal?
-
#5 Posted by ahhell on 26 Apr 2006 - 15:44
- *yawn*
Sounds like antiMicrosoft-fanboyism to me.
A spokesman for Microsoft said the initial investigation has revealed that the bug would most likely result in the browser closing unexpectedly or failing to respond. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."