Slashdot Mirror


IE Flaw Exposes Users To Spoof-Based Attacks

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: " The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up. " Secunia has an alert up on the spoof.

4 of 169 comments (clear)

  1. IE has flaws? by .Spyder78. · · Score: 0, Redundant

    Wow, whoda thunk it?

  2. Bleh by UnsungZeros · · Score: -1, Redundant

    IE flawed security is news? What is this, Slashdot?

  3. Re:Crank Up The Flamethrowers by kianu7 · · Score: -1, Redundant

    So true, so true. So, are there any FireFox users out there besides me? :)

  4. IE Flaw Exposes Users . . . by Coolnat2004 · · Score: 0, Redundant

    What?! Again?! I thought IE rox0red!!