Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet
Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 and IE7 is pretty serious and can result in cookie theft, cooking setting, page hijacking or memory corruption.
It’s based on a page update Race Condition (aka bait and switch vuln).
The demo can be found here:
The more serious of the two Firefox flaws is marked MAJOR and not CRITICAL and deals with the way the browser handles IFRAMEs (Cross-site IFRAME hijacking)
A demo can be found here:
The full e-mail with details of his vulnerabilities can be found here:
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD
- Google Expands Pwnium Year Round With Infinite Bounty
- Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
- The Revisionist – Metadata Retrieval Tool
- Stealing ATM Pin Numbers Using Thermal Imaging Cameras
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,569 views
- AJAX: Is your application secure enough? - 119,409 views
- eEye Launches 0-Day Exploit Tracker - 85,198 views