Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet
Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 and IE7 is pretty serious and can result in cookie theft, cooking setting, page hijacking or memory corruption.
It’s based on a page update Race Condition (aka bait and switch vuln).
The demo can be found here:
The more serious of the two Firefox flaws is marked MAJOR and not CRITICAL and deals with the way the browser handles IFRAMEs (Cross-site IFRAME hijacking)
A demo can be found here:
The full e-mail with details of his vulnerabilities can be found here:
- PayPal Remote Code Execution Vulnerability Patched
- Fortinet SSH Backdoor Found In Firewalls
- Facebook Disabled Flash For Video Finally
- Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
- The Revisionist – Metadata Retrieval Tool
- Stealing ATM Pin Numbers Using Thermal Imaging Cameras
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 233,145 views
- AJAX: Is your application secure enough? - 119,822 views
- eEye Launches 0-Day Exploit Tracker - 85,360 views