Microsoft, Mozilla play down browser bug

Microsoft and Mozilla have acknowledged that a security hole in their Web browsers could let an intruder nab files, but say it is tough to exploit and so not that high a risk. Internet Explorer and Firefox, as well as other Mozilla browsers, are flawed in the way they handle JavaScript, security experts warned this […]

Microsoft and Mozilla have acknowledged that a security hole in their Web browsers could let an intruder nab files, but say it is tough to exploit and so not that high a risk.

Internet Explorer and Firefox, as well as other Mozilla browsers, are flawed in the way they handle JavaScript, security experts warned this week. An attacker could use the problem to launch surreptitious file uploads, jeopardizing people's personal data, they said. But exploiting the flaw requires so much user interaction that Microsoft and Mozilla don't think it poses much of a danger. The companies do not see a need to rush out a fix. Instead, both plan to address the bug in upcoming releases of their browsers, representatives said, but did not specify which update or when it might arrive.

"This vulnerability does not allow a malicious attacker to execute code against a user's machine but rather requires significant user interaction that could result in information disclosure," a Microsoft representative said in an e-mailed statement. "Microsoft plans to address this vulnerability in a future version of Internet Explorer." |