In association with heise online

27 October 2006, 13:47

Vulnerabilities in Firefox 2 and Internet Explorer 7

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Both Microsoft and the Mozilla Foundation appear not to have properly minded their Ps and Qs when it came time to remove old vulnerabilities during the development cycles of their newest browsers. For example, a known DoS hole from Firefox has not been completely removed in the final version of Firefox 2.0. Statements were posted on the major mailing lists back during the testing of the Release Candidates noting that the problem had not been removed. A modified exploit for the old hole causes Firefox 2.0 and to crash. Yet even in releasing the first fix for version, the developers did not rule out that the bug could potentially be exploited to plant code and hence categorised the problem as critical.

That estimation has probably changed in the interim. According to Mozilla's new security czar, Window Snyder, the flaw can definitively not be used to plant code in version 2.0. She sees the flaw as different from the old one, as that one has already been plugged. Why the exploit can take advantage of the same flaw remains unexplained. The flaw furthermore does no more than cause a crash, meaning that Firefox users are not really threatened, Snyder explained to the American media. She previously served as Senior Security Strategist at Microsoft. The matter still requires further investigation, she concluded.

Internet Explorer 7 also includes unplugged holes from Internet Explorer 6. A cross-site scripting attack using manipulated images with JavaScript hidden inside continues to function, for example. The hole was reported in September and is related to the way in which the browser header and data content are read in. An exploit demonstrates the problem.

On the very day of the release of the final version of Internet Explorer 7, Secunia [ticker:uk_79719 demonstrated] a problem in the browser whereby attackers could spy on the content of opened windows – a problem Microsoft had known about for six months already. Microsoft claimed in an analysis that the problem was not part of either Internet Explorer 6 or Internet Explorer 7, although the vulnerability demonstration used that browser as its attack vector. The fault is instead related to Outlook Express components in Windows, the analysis claims, and the matter is still under investigation.

Another vulnerability has also turned up in Internet Explorer 7 that could make life [ticker:uk_80009 easier] for phishers. By simply attaching specific symbols onto the end of a URL, a demo created by Secunia was able to forge the displayed address in the address bar of a pop-up window: the address bar in the demo reads, even though the content originated from Secunia.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit