Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet
Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 and IE7 is pretty serious and can result in cookie theft, cooking setting, page hijacking or memory corruption.
It’s based on a page update Race Condition (aka bait and switch vuln).
The demo can be found here:
The more serious of the two Firefox flaws is marked MAJOR and not CRITICAL and deals with the way the browser handles IFRAMEs (Cross-site IFRAME hijacking)
A demo can be found here:
The full e-mail with details of his vulnerabilities can be found here:
- The Logjam Attack – ANOTHER Critical TLS Weakness
- WordPress Critical Zero-Day Vulnerability Fixed In A Hurry
- Commix – Command Injection Attack Tool
- Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
- The Revisionist – Metadata Retrieval Tool
- Stealing ATM Pin Numbers Using Thermal Imaging Cameras
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 230,683 views
- AJAX: Is your application secure enough? - 119,545 views
- eEye Launches 0-Day Exploit Tracker - 85,229 views