Feeds

A bumper crop of browser glitches

Patches required for Firefox, Opera, Konqueror and IE

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Users of IE, Firefox, Opera, Safari and Konqueror all need to patch their browsers or implement workarounds this week following the release of a "full house" of internet client bug reports.

The most serious risk comes from a brace of IE security bugs which could be exploited to take over victim's systems. One of the vulns, a security zone restriction error, can bypass a security feature in Microsoft Windows XP SP2, Secunia reports. Even fully patched system with IE 6.0 and Microsoft Windows XP SP2 are vulnerable. Secunia advises users to disable active scripting as a precaution against attack. The vulnerabilities were independently discovered by Andreas Sandblad of Secunia Research and grey-hat hacker http-equiv.

Spoofing flap

Separately Secunia Research discovered a vulnerability in various browsers (Firefox, Opera, Safari and Konqueror) that might be exploited by malicious websites to spoof dialog boxes. The "moderately critical" bug could be used to trick users into handing over information to untrusted sites although exploitation is far from trivial. "Successful exploitation would normally require that a user is tricked into opening a link from a malicious website to a trusted website in a new tab," Secunia explains. A test is available here.

Secunia advises users not to visit trusted websites while visiting untrusted websites or to disable JavaScript as workarounds in advance for patches from vendors, Some of which have already been released. For example, KDE 3.3.1 protects against the vuln. Opera 7.60, currently in development, also guards against the spoofing exploit Secunia has identified. ®

Related stories

Seven critical in MS October patch batch
Mozilla updates browsers after bug hunt
XP SP2 über patch already needs fixing
Opera snips phishing lines

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.