New vulnerabilities hit Firefox and Internet Explorer

Security researcher Michal Zalewski has published four new vulnerabilities to the Full Disclosure mailing list for Microsoft Internet Explorer and Mozilla Firefox. There are no patches yet available from either vendor. The most serious is MSIE page update race condition, where users navigating with JavaScript from one page to another page with the same domain […]

Security researcher Michal Zalewski has published four new vulnerabilities to the Full Disclosure mailing list for Microsoft Internet Explorer and Mozilla Firefox. There are no patches yet available from either vendor. The most serious is MSIE page update race condition, where users navigating with JavaScript from one page to another page with the same domain experience a window of opportunity for attackers to concurrently execute JavaScript to perform actions with the permissions of the previous page.

The next most severe is Firefox Cross-site IFRAME hijacking where an attack against about :blank frames could allow malicious code execution. Zalewski also published two medium-threat vulnerabilities, one each for Firefox and Internet Explorer. Firefox file prompt delay bypass allows an "attacker to download or run files without user's knowledge or consent." And, finally, Internet Explorer 6 URL bar spoofing is a URL spoofing vulnerability. This last vulnerability does not affect Internet Explorer 7.

Source:? C|Net

Microsoft, Internet Explorer, IE, Firefox, Vulnerabilities

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.