Mozilla caught napping on URL protocol handling flaw
It turns out that Mozilla's Firefox is just as guilty Microsoft's Internet Explorer when it comes to passing dangerous data to third party applications.
Zero Day
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Ryan Naraine
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
Latest Posts
CEO out in Core Security shake-up
Core Security Technologies, one of a handful of companies hawking penetration testing tools to businesses, is looking for a new CEO to replace Paul Paget.
Code execution exploit dings iPhone
Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be used to take full control of an iPhone surfing to a rigged Web site.
Microsoft: 'Very difficult' to block IE attack vector
A member of Microsoft's Internet Explorer team says it is "very difficult" to put protections in place to block the protocol handlers attack vector exposed by the recent IE-to-Firefox code execution vulnerability.
MPack exploit kit creator speaks
In the interview, presented from multiple IRC conversations and edited/reordered for clarity, SecurityFocus reporter Rob Lemos peeks behind the dark curtain of exploit writing and the lucrative underground market that exists for critical software vulnerabilities.
Opera plugs nasty code execution hole
A new version of the cross-platform browser was released today to plug a highly critical code execution bug in the way Opera integrates support for BitTorrent downloads.
Firefox raises barrier to cross-site scripting attacks
Mozilla has quietly fitted a new security feature into the latest Firefox update, adding the ability for the browser to prevent cross-site scripting attacks.
Mac worm rumors swirl; Dai Zovi ships unofficial Mac OS X patch
Amidst unconfirmed rumors that anonymous hackers have created a worm that exploits an unpatched code execution flaw in Mac OS X (Intel), a team of researchers have come up with a way to completely disable a buggy portion of the Mac code base.
Mozilla patches Firefox; tells users to avoid IE
Mozilla has rolled out Firefox 2.0.0.5 with patches for a total of 9 nine vulnerabilities, including cover for the controversial IE-to-Firefox code execution attack vector.
Blocking (Internet Explorer) drive-by malware downloads
In this image gallery, we take Haute Secure's new Internet Explorer browser add-on for a whirl, looking at the installation and use of in real-world examples.