Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet
Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 and IE7 is pretty serious and can result in cookie theft, cooking setting, page hijacking or memory corruption.
It’s based on a page update Race Condition (aka bait and switch vuln).
The demo can be found here:
The more serious of the two Firefox flaws is marked MAJOR and not CRITICAL and deals with the way the browser handles IFRAMEs (Cross-site IFRAME hijacking)
A demo can be found here:
The full e-mail with details of his vulnerabilities can be found here:
Recent in Exploits/Vulnerabilities:
- Evernote Hacked – ALL Users Required To Reset Passwords
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
- Weevely – PHP Stealth Tiny Web Shell
- Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
- The Revisionist – Metadata Retrieval Tool
- Stealing ATM Pin Numbers Using Thermal Imaging Cameras
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 218,396 views
- AJAX: Is your application secure enough? - 117,832 views
- eEye Launches 0-Day Exploit Tracker - 84,866 views