Gaping Holes Found in IE, Firefox
Researcher Michal Zalewski has reported a JavaScript flaw in fully patched IE 6 and 7 that can allow an attacker to fiddle with a document's Document Object Model—a model for representing HTML or XML and related formats.
The Firefox flaw Zalewski uncovered also boils down to a JavaScript error. This flaw allows an attacker to inject malicious code, including key-snooping event handlers, on pages that rely on IFrames (inline frames) to display contents or store state data—in other words, the unique configuration of information in a program or machine—or to communicate with a server.
Read the article HERE.
The Firefox flaw Zalewski uncovered also boils down to a JavaScript error. This flaw allows an attacker to inject malicious code, including key-snooping event handlers, on pages that rely on IFrames (inline frames) to display contents or store state data—in other words, the unique configuration of information in a program or machine—or to communicate with a server.
Read the article HERE.
posted by vanish at 9:26 AM
0 Comments:
Post a Comment
<< Home