Feeds

A bumper crop of browser glitches

Patches required for Firefox, Opera, Konqueror and IE

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Users of IE, Firefox, Opera, Safari and Konqueror all need to patch their browsers or implement workarounds this week following the release of a "full house" of internet client bug reports.

The most serious risk comes from a brace of IE security bugs which could be exploited to take over victim's systems. One of the vulns, a security zone restriction error, can bypass a security feature in Microsoft Windows XP SP2, Secunia reports. Even fully patched system with IE 6.0 and Microsoft Windows XP SP2 are vulnerable. Secunia advises users to disable active scripting as a precaution against attack. The vulnerabilities were independently discovered by Andreas Sandblad of Secunia Research and grey-hat hacker http-equiv.

Spoofing flap

Separately Secunia Research discovered a vulnerability in various browsers (Firefox, Opera, Safari and Konqueror) that might be exploited by malicious websites to spoof dialog boxes. The "moderately critical" bug could be used to trick users into handing over information to untrusted sites although exploitation is far from trivial. "Successful exploitation would normally require that a user is tricked into opening a link from a malicious website to a trusted website in a new tab," Secunia explains. A test is available here.

Secunia advises users not to visit trusted websites while visiting untrusted websites or to disable JavaScript as workarounds in advance for patches from vendors, Some of which have already been released. For example, KDE 3.3.1 protects against the vuln. Opera 7.60, currently in development, also guards against the spoofing exploit Secunia has identified. ®

Related stories

Seven critical in MS October patch batch
Mozilla updates browsers after bug hunt
XP SP2 über patch already needs fixing
Opera snips phishing lines

Secure remote control for conventional and virtual desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.