JavaScript opens up more browser woes
A prominent security researcher has disclosed serious, unpatched flaws in the way fully up-to-date Firefox and Internet Explorer browsers handle JavaScript.
The disclosures come shortly after the Mozilla Foundation patched critical JavaScript-related vulnerabilities in Firefox. Mozilla said it is working on the new problems, but classified them as lower-risk.
The first bug, affecting fully patched IE 6 and 7, could allow JavaScript from an unsafe site to carry out actions related to a seemingly safe third-party site, researcher Michal Zalewski said in a bulletin on the Full Disclosure mailing list.
He said that when JavaScript code from a potentially unsafe site instructs the browser to navigate to an unrelated third-party site, there is a window of opportunity for JavaScript to perform actions such as reading or setting cookies, hijacking pages, injecting code, corrupting memory or crashing the browser.
Zalewski classified the bug as "critical." Microsoft said it is aware of the report and is investigating.
The second bug, affecting Firefox, could allow an attacker to inject JavaScript into pages using IFRAMEs, a common method of displaying content. This could allow malicious code such as key-loggers to be implanted on the page, or could allow spoofing, Zalewski said.
The bug has been submitted to Mozilla as bug 382686, and is similar to Mozilla bug 381300 but is more serious, the researcher said.
He said the bug was "major," but Mozilla's security chief, Windows Snyder, said the bug was not highly serious, giving it a security rating of "low."
Zalewski also reported two less serious problems, one potentially allowing an attacker to download programs onto a user's computer, and the other allowing spoofing of URL data in IE 6.
Mozilla's Snyder noted that the second Firefox bug would require an additional vulnerability to have any effect on users.
Last week Mozilla said it had patched several serious security flaws in Firefox, bugs that also affect the SeaMonkey browser and the Thunderbird email application. The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said.
While browser bug patches, even for critical flaws, have become somewhat routine, the latest alert highlighted the fact that Firefox no longer has as clear an advantage over Microsoft's Internet Explorer as it once did.
» posted by ITworld staff
Techworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
