Vulnerabilities in Firefox 2 and Internet Explorer 7
Both Microsoft and the Mozilla Foundation appear not to have properly minded their Ps and Qs when it came time to remove old vulnerabilities during the development cycles of their newest browsers. For example, a known DoS hole from Firefox 18.104.22.168 has not been completely removed in the final version of Firefox 2.0. Statements were posted on the major mailing lists back during the testing of the Release Candidates noting that the problem had not been removed. A modified exploit for the old hole causes Firefox 2.0 and 22.214.171.124 to crash. Yet even in releasing the first fix for version 126.96.36.199, the developers did not rule out that the bug could potentially be exploited to plant code and hence categorised the problem as critical.
That estimation has probably changed in the interim. According to Mozilla's new security czar, Window Snyder, the flaw can definitively not be used to plant code in version 2.0. She sees the flaw as different from the old one, as that one has already been plugged. Why the exploit can take advantage of the same flaw remains unexplained. The flaw furthermore does no more than cause a crash, meaning that Firefox users are not really threatened, Snyder explained to the American media. She previously served as Senior Security Strategist at Microsoft. The matter still requires further investigation, she concluded.
On the very day of the release of the final version of Internet Explorer 7, Secunia [ticker:uk_79719 demonstrated] a problem in the browser whereby attackers could spy on the content of opened windows – a problem Microsoft had known about for six months already. Microsoft claimed in an analysis that the problem was not part of either Internet Explorer 6 or Internet Explorer 7, although the vulnerability demonstration used that browser as its attack vector. The fault is instead related to Outlook Express components in Windows, the analysis claims, and the matter is still under investigation.
Another vulnerability has also turned up in Internet Explorer 7 that could make life [ticker:uk_80009 easier] for phishers. By simply attaching specific symbols onto the end of a URL, a demo created by Secunia was able to forge the displayed address in the address bar of a pop-up window: the address bar in the demo reads www.microsoft.com, even though the content originated from Secunia.
- Flaw in Firefox 2.0 Final, Advisory on Bugtraq