Two new security flaws have been discovered in Microsoft's Internet Explorer, one of which could be replicated in Mozilla's Firefox, security experts have warned.
Code for both of the vulnerabilities has been published, but currently there are no reports of attackers who have taken advantage of these flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released Wednesday.
The flaw that affects both IE and Firefox is related to the handling of the object.documentElement.outerHTML property, according to the advisory. That technology is used to access documents delivered from one Web site to another.
Attackers could exploit the IE or Firefox flaw using what's known as cross-site scripting, allowing them to view the contents of one open browser from a second browser open on the user's system, said Monty Ijzerman, senior manager of McAfee's Global Threat Group. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites, for example.
The second flaw is related to the way HTA applications are processed. A user could be tricked into double-clicking on a malicious file and remote code could be executed, Ijzerman said. An attacker could exploit the vulnerability to read files on a system or install rootkits, which make system changes to hide another piece of possibly malicious software.
View: Full Article @ CNET News.com
Code for both of the vulnerabilities has been published, but currently there are no reports of attackers who have taken advantage of these flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released Wednesday.
The flaw that affects both IE and Firefox is related to the handling of the object.documentElement.outerHTML property, according to the advisory. That technology is used to access documents delivered from one Web site to another.
Attackers could exploit the IE or Firefox flaw using what's known as cross-site scripting, allowing them to view the contents of one open browser from a second browser open on the user's system, said Monty Ijzerman, senior manager of McAfee's Global Threat Group. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites, for example.
The second flaw is related to the way HTA applications are processed. A user could be tricked into double-clicking on a malicious file and remote code could be executed, Ijzerman said. An attacker could exploit the vulnerability to read files on a system or install rootkits, which make system changes to hide another piece of possibly malicious software.
View: Full Article @ CNET News.com
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.