A noted security researcher Monday disclosed four new zero-day vulnerabilities in Microsoft Corp. and Mozilla Corp.'s browsers, including a critical flaw in Internet Explorer (IE) and a "major" bug in Firefox. Michael Zalewski, who regularly publishes browser flaw findings, posted details on the Full-disclosure mailing list for cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing bugs.
The most serious of the four, said Zalewski, is an IE6 and IE7 flaw he rated "critical." Dubbing it a "bait-and-switch" vulnerability, he said that the Microsoft browser gives hackers a window of opportunity to run malicious JavaScript to hijack the PC. "The entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks," Zalewski claimed in notes that accompanied a demonstration of the IE bug. Up-to-date IE6 and IE7 are both at risk, he said, although Firefox is not.
View: Full Story
News source: PC World
7 Comments - Add comment