Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet
Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 and IE7 is pretty serious and can result in cookie theft, cooking setting, page hijacking or memory corruption.
It’s based on a page update Race Condition (aka bait and switch vuln).
The demo can be found here:
The more serious of the two Firefox flaws is marked MAJOR and not CRITICAL and deals with the way the browser handles IFRAMEs (Cross-site IFRAME hijacking)
A demo can be found here:
The full e-mail with details of his vulnerabilities can be found here:
- OpenVPN Vulnerable To Shellshock Exploit
- Everything You NEED To Know About Shellshock Bug In BASH
- drozer – The Leading Security Testing Framework For Android
- Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
- The Revisionist – Metadata Retrieval Tool
- Stealing ATM Pin Numbers Using Thermal Imaging Cameras
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,755 views
- AJAX: Is your application secure enough? - 119,138 views
- eEye Launches 0-Day Exploit Tracker - 85,068 views