Browser beware: Unpatched holes in Firefox, IE 7

Summary:Firefox and Internet Explorer users beware: There are serious, unpatched flaws in both browsers that could allow the manipulation of authentication cookies and the hijacking of files from your Windows machine.

Firefox and Internet Explorer users beware: There are serious, unpatched flaws in both browsers that could allow the manipulation of authentication cookies and the hijacking of files from your Windows machine.

Details on both vulnerabilities have already been posted to the Full Disclosure mailing list by Polish researcher Michal Zalewski. SecurityFocus provides coverage of the issue, which dates back to 2006.

According to Zalewski, a well-known hacker credited with several major flaw discoveries, there are two very different issues affecting Firefox and IE 7.

First up is a brand-new IE 7 bug that could be used to divert keystrokes from Web-based games, blog entries and comment forms, online chats. In certain scenarios, an attacker could exploit the flaw to read sensitive local files on a computer. "Some user interaction is required, but only to an extent commonly expected on some popular Web site. XSS attacks make it far worse," Zalewski said.

Click here for an online demonstration of the IE 7 (and prior) vulnerability.

Firefox 1.5 and 2.0 users can test for the flaw here.

Separately, Zalewski also warned about a new bug in the way Firefox handles writes to the 'location.hostname' DOM property. The bug could allow for the browser to appear as if were connecting to a bank, when in fact it would instead be receiving data from a bad guy, according to a note on the F-Secure blog.

Click here for a demo of the Firefox 2.0.01 bug, which requires JavaScript. Mozilla's security response team is already working on a patch.

I have a query in to Microsoft for a comment on the IE 7 issue. Will update as necessary. 

[UPDATED: February 15, 2007; 6:17 PM Eastern]  Just received this note from the Microsoft Security Response Center:

Microsoft's initial investigation reveals that an attacker could gain access to user files if the location of a given file is already known. In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker's Web page through social engineering.  Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers.

Topics: Browser, Microsoft

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.