HomeSecurity

IE, Firefox Users at Risk From New Flaws

Sean Michael Kerner
By Sean Michael Kerner


It’s not every day that a potential security risk emerges that could affect
both Microsoft’s Internet Explorer and Mozilla Firefox Web browsers. But it is today.

Reports abound of a flaw that exists in both browsers that could allow for unintended information disclosure that could put users at risk.


Security researcher Plebo Aesdi Nael first reported a pair of
vulnerabilities on a public security mailing list. Only one of the flaws affects both IE and Mozilla
browsers.

Security firm Secunia has rated the flaws “less critical,”
but the SANS Internet Storm Center noted that the risk has, “raised some of
our neck hairs.”


The first flaw involves HTML applications (HTAs), which, according to Microsoft, are full-fledged applications that
are trusted and display only the menus, icons, toolbars, and title
information that the Web developer creates.

The alleged vulnerability
requires a user to click on an icon which then takes advantage of the
software flaw to disclose potentially confidential user information.


The second flaw involves the exploitation of the
“object.documentElement.outerHTML” property.

“The abuse of this property will allow an
attacker to retrieve remote content in the context of the web page which is
being currently viewed by the user,” according to the
SANS Internet Storm Center (ISC).


So an attacker could rip the data that a user has entered for other Web sites
that they may be logged into and steal their user credentials for whatever
malicious purpose they desire.


Though Nael’s original mailing list posting just identifies IE
as being at risk, independent analysis by SANS ISC has shown that
Firefox is vulnerable to the “object.documentElement.outerHTML” property
flaw, as well.

Both Nael and Secunia have posted public proof of
concept (PoC) code that demonstrates the flaw in action.


Microsoft Security Response Center (MSRC) staffer Adrian Stone indicated on the
MSRC blog that Microsoft was aware of the issue and is investigating.
Microsoft is currently unaware of any attacks that take advantage of the
flaw.


Mozilla is scheduled to release a Firefox 1.5.0.5 update on July 25, though
it is unclear as to whether that update will address the flaw.

Sean Michael Kerner
Sean Michael Kerner
Previous article
HP Feeds Growing Virtualization Demand
Next article
Google Checkout Open, Ready for Business

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.