New Zero-Day Bugs Crop up in IE, Firefox
Posted by RangerLG on 05 June 2007 - 20:50 · 7 comments & 2684 views
About the Author
Full name: Unknown
Forum name: RangerLG
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name: RangerLG
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#2 Posted by toadeater on 05 Jun 2007 - 21:49
- First rule of Windows security: don't use Internet Explorer.
-
(3 replies)
#3 Posted by RealFduch on 06 Jun 2007 - 00:18
- reading comprehension?Quote -"IE7 is not affected because of certain high-level changes in the browser," Zalewski said
-
#3.1 Posted by +mrbester on 06 Jun 2007 - 09:30
- Perhaps you should go back to school as well IE fanboy.
Full quote:Quote -Zalewski posted information about two other bugs, both rated "medium." A Firefox vulnerability could lead to unauthorized downloads, while IE6 is open to yet another address bar-spoofing flaw. "IE7 is not affected because of certain high-level changes in the browser," Zalewski said of the fourth vulnerability. -
#3.2 Posted by RealFduch on 06 Jun 2007 - 17:25
- Quote - (mrbester said @ #3.1)Full quote:Quote -Zalewski posted information about two other bugs, both rated "medium." A Firefox vulnerability could lead to unauthorized downloads, while IE6 is open to yet another address bar-spoofing flaw. "IE7 is not affected because of certain high-level changes in the browser," Zalewski said of the fourth vulnerability.
So tell me please how to transform that quote to this:Quote -Up-to-date IE6 and IE7 are both at risk, he said, although Firefox is not. -
#3.3 Posted by +mrbester on 07 Jun 2007 - 11:34
- That was referring to the the IE6 and IE7 flaw he rated "critical". You mixed up the "critical" flaw that affects IE and not Firefox (the bait-and-switch) with a "medium" flaw that doesn't affect IE7 but does affect IE6 (the address spoofing). Clearer now?
The most serious of the four, said Zalewski, is an IE6 and IE7 flaw he rated "critical." Dubbing it a "bait-and-switch" vulnerability, he said that the Microsoft browser gives hackers a window of opportunity to run malicious JavaScript to hijack the PC. "The entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks," Zalewski claimed in notes that accompanied a demonstration of the IE bug. Up-to-date IE6 and IE7 are both at risk, he said, although Firefox is not.