IE and Firefox Share a Vulnerability

hcmtnbiker writes with news of a logic flaw shared by IE 7 and Firefox 2.0. IE 5.01, IE 6, and Firefox 1.5.0.9 are also affected. The flaw was discovered by Michal Zalewski, and is easily demonstrated on IE7 and Firefox. The vulnerability is not platform-specific, but these demonstrations are — they work only on Windows systems. (Microsoft says that IE7 on Vista is not vulnerable.) From the vulnerability description: "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, '.value' parameter cannot be set or changed, and any changes to .type reset the contents of the field... [in this attack] the keyboard input in unrelated locations can be selectively geared toward input fields by the attacker."

Awww, that's so cute

[varmint+jerky]

Next thing you know they'll be coquettishly batting eyelashes at each other and accidently eating the same strand of spaghetti.

Re:Awww, that's so cute

IE is *so* the bitch of that couple.

The real common vulnerability...

[NotQuiteReal]

Is 90% of those vulnerable are "regular users".

For good or ill, I don't know many regular users, of course it is lonely at times...

Re:Offtopic

[RuBLed]

Easy, reply to this and type the words "I want a cute bug picture. Now. \."

Sad realization

So...Safari on the Mac is A-OK?

IP violation

[darth_linux]

Firefox obviously violates M$ IP if there is a shared venerability.

Comment removed

[account_deleted]

Comment removed based on user account deletion