Dr. Strangelove
07-07-2006, 05:42 AM
From today's SANS NewsBites Vol. 8 Num. 53
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--Flaw Found in IE Also Affects Firefox
(30 June 2006)
One of the two recently disclosed flaws in Internet Explorer (IE) could
also affect users of Mozilla's Firefox web browser. The flaw affecting
both IE and Firefox could be exploited with cross-site scripting to
steal sensitive data. The exploit would require that the targeted user
have multiple browsers open. The flaw that affects just IE lies in HTA
application processing and could be exploited to allow files to be read
or rootkits to be installed without authorization. Exploit code for
both IE flaws has been published, but there have been no reported
attacks.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39277956-39020375t-10000025c
[Editor's Note Tan: Browser vulnerabilities catch many people's
attention, particularly on those popular browsers. Interestingly, HD
Moore has announced in his blog that he will publish one new browser
vulnerability each day for the entire month of July to mark the Month
of Browser Bugs project. Let's hope the vendors will address them before
it gets out of control.
http://metasploit.blogspot.com/2006/07/month-of-browser-bugs.html]
Doc
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--Flaw Found in IE Also Affects Firefox
(30 June 2006)
One of the two recently disclosed flaws in Internet Explorer (IE) could
also affect users of Mozilla's Firefox web browser. The flaw affecting
both IE and Firefox could be exploited with cross-site scripting to
steal sensitive data. The exploit would require that the targeted user
have multiple browsers open. The flaw that affects just IE lies in HTA
application processing and could be exploited to allow files to be read
or rootkits to be installed without authorization. Exploit code for
both IE flaws has been published, but there have been no reported
attacks.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39277956-39020375t-10000025c
[Editor's Note Tan: Browser vulnerabilities catch many people's
attention, particularly on those popular browsers. Interestingly, HD
Moore has announced in his blog that he will publish one new browser
vulnerability each day for the entire month of July to mark the Month
of Browser Bugs project. Let's hope the vendors will address them before
it gets out of control.
http://metasploit.blogspot.com/2006/07/month-of-browser-bugs.html]
Doc