Feeds

A bumper crop of browser glitches

Patches required for Firefox, Opera, Konqueror and IE

  • alert
  • submit to reddit

Top three mobile application threats

Users of IE, Firefox, Opera, Safari and Konqueror all need to patch their browsers or implement workarounds this week following the release of a "full house" of internet client bug reports.

The most serious risk comes from a brace of IE security bugs which could be exploited to take over victim's systems. One of the vulns, a security zone restriction error, can bypass a security feature in Microsoft Windows XP SP2, Secunia reports. Even fully patched system with IE 6.0 and Microsoft Windows XP SP2 are vulnerable. Secunia advises users to disable active scripting as a precaution against attack. The vulnerabilities were independently discovered by Andreas Sandblad of Secunia Research and grey-hat hacker http-equiv.

Spoofing flap

Separately Secunia Research discovered a vulnerability in various browsers (Firefox, Opera, Safari and Konqueror) that might be exploited by malicious websites to spoof dialog boxes. The "moderately critical" bug could be used to trick users into handing over information to untrusted sites although exploitation is far from trivial. "Successful exploitation would normally require that a user is tricked into opening a link from a malicious website to a trusted website in a new tab," Secunia explains. A test is available here.

Secunia advises users not to visit trusted websites while visiting untrusted websites or to disable JavaScript as workarounds in advance for patches from vendors, Some of which have already been released. For example, KDE 3.3.1 protects against the vuln. Opera 7.60, currently in development, also guards against the spoofing exploit Secunia has identified. ®

Related stories

Seven critical in MS October patch batch
Mozilla updates browsers after bug hunt
XP SP2 über patch already needs fixing
Opera snips phishing lines

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.