By John Leyden
30th October 2006
An old security bug provides a way to crash Firefox 2.0, security
researchers have discovered. The memory corruption vulnerability
June 2006 and Firefox version 188.8.131.52 was supposed to fix the problem.
Despite this, Firefox 2.0 remains vulnerable to this issue. Due to code
reuse, other Mozilla products are also likely to be affected, a posting
on Bugtraq warns. The flaw might be used to inject hostile code into
vulnerable systems, but so far nothing more dangerous than an ability to
crash the browser has been demonstrated.
In other browser security news, security notification firm Secunia has
published details of another bug involving IE7. In its default
configuration, IE7 is affected by a Window Injection vulnerability
that previously hit IE6.
The flaw makes it possible for a malicious website to inject new
content into a popup window that has been opened by a trusted site,
which makes it potentially useful in phishing attacks.
"In IE7 this is mitigated by the address bar always being visible.
However, if this is combined with the IE7 'Popup Address Bar Spoofing
Weakness' issue from last week, the attack would be very convincing,"
Secunia CTO Thomas Kristensen said.