SANS ISC: Firefox and IE Zero Days SANS ISC InfoSec Forums

Firefox and IE Zero Days
Michal Zalewski has reported several browser bugs worth alerting on.

The information was posted to the Full-Disclosure mailing list and has been reported on in Computer World:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023043

Thanks to the several readers who made sure we took note.

Here is a brief summary of his report. Please refer to Full-Disclosure for more details:

1) Title : MSIE page update race condition (CRITICAL)
Impact : cookie stealing / setting, page hijacking, memory corruption
Affected : MSIE6 and MSIE7

2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Affected : Firefox 2.0

3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consensual download or execution of files
Affected : Firefox v?.?

4) Title : MSIE6 URL bar spoofing (MEDIUM)
Impact : mimicking an arbitrary site, possibly including SSL data
Affected : MSIE6

Source:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html
Robert
