BBC NEWS | Technology | Users urged to fix browser flaw::
PC users are being urged to download and install patches for critical New year brings fresh security fears. 27 Jan 06 | Technology. RELATED INTERNET LINKS:
http://news.bbc.co.uk/1/hi/technology/4896348.stmHOME |
Its not rare when a flaw disables Microsoft Internet
Explorer (IE), but it is rare when the same flaw affects the alternatives.
Thats the unfortunate case with a new bug that targets the
Mozilla Browser,
Mozilla Firefox,
Opera and
Apple Safari. It causes them to crash and
could potentially form the basis of an exploit that would affect virtually all major
browsers.
Guardian Unlimited | Archive Search::
handers still feel left out. Angelique Chrisafis, Arts correspondent of abuse in every culture - something that New Labour might already be aware of.
http://www.guardian.co.uk/Archive/Article/0,4273,4427862,00.htmlHOME |
New Internet Explorer Flaw Opens XP SP2 To Attack::
A new flaw has come to surface in Microsofts Internet Explorer browser, which browser, and since the first of the year, has patched IE five out of nine months.
http://www.techshout.com/internet/2005/18/new-internet-explorer-flaw-opens-xp-sp2-to-attackHOME |
The bug has been called the Infinite Array Sort Denial Of Service Vulnerability
and causes the affected browsers to execute an infinite JavaScript array sort. That
operation in turn effectively causes a DoS on the browser in question and causes it
to crash by exhausting stack memory.
ZDNet Technology News::
out about the companys social media browser, its Alienwares new Curved Display will make you the envy of gamers everywhere Check out the features
http://news.zdnet.comHOME |
Mozilla Firefox 2.0.0.7 Release Notes::
Release Notes cover whats new, download and installation instructions, known might not open them in Firefox, even if you have set it as your default browser.
http://en-us.www.mozilla.com/en-US/firefox/2.0.0.7/releasenotesHOME |
At present there are no confirmed exploits in the wild that expand the vulnerability
to execute malicious code, though that may only be a matter of time.
Independent security researcher Berend-Jan Wever is credited with discovering the
flaw. Though the flaw was just disclosed on security mailing lists, Wever has been
aware of the flaw for some time and like many researchers had begun his efforts with
a focus on IE.
Browser phishing flaw could hook users | TalkBack on ZDNet::
Isnt the lock icon totally meaning less in the context of phishing? Learn about new business ideas. Discover better ways to make your businesses perform.
http://news.zdnet.com/Browser+phishing+flaw+could+hook+users/52messageID=139938&start=-1HOME |
I do not remember the exact details, since I found it quite some time ago. I was
probably looking for flaws in IE by guessing what might crash it, Wever told internetnews.com.
Ive found a few vulnerabilities caused by JavaScript infinite loops and one in the sort()
routine earlier. Probably it was an educated yet lucky guess. Its been on my hard disk ever since.
The actual code required to crash the browsers has been publicly disclosed by
Wever and contains only four lines of code.
Wever came under some fire from other members of the security community
on various security mailing lists for disclosing the vulnerability, as well as his
previous disclosures regarding the IFRAME vulnerability. In a public post, Wever
defended his disclosure and reminded the community that other less scrupulous individuals
exist that find vulnerabilities and exploit them for greater profit.
What if I was without integrity, as some people would have it, and would write a worm
exploiting some (or all) of the bugs I had found over the years? Wever wrote.
Bug entries have been posted to Mozillas Bugzilla reporting system, but at press time, Mozilla, Microsoft, Apple and Opera had not posted any patches for the flaw.
Pre-Article:Be Better Prepared for the Coming Disaster
Next-Article:SBC, FCC Joust Over VoIP Tariff
|
PRINT
Add to favorites