Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gaping Holes In Fully Patched IE7, Firefox 2

Posted by kdawson on from the just-when-you-thought-it-was-safe dept.

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

20 of 303 comments (clear)

  1. Re:And Opera by WilliamSChips · · Score: 4, Funny

    Naw, Opera just randomly crashes and then has a default behavior of restarting the site that causes it to randomly crash.

    --
    Please, for the good of Humanity, vote Obama.
  2. Woot! by Anonymous Coward · · Score: 4, Funny

    Wow, I'm so glad I installed Firefox so I'm immune to all of these IE bugs!

    Oh, wait, what did that say?

    -AC

    1. Re:Woot! by Mark_in_Brazil · · Score: 4, Funny

      Wow, I'm so glad I installed Firefox so I'm immune to all of these IE bugs!

      Oh, wait, what did that say?
      It said the only critical flaw in the bunch is in MSIE 6 only.

      This has been another edition of Easy Answers to Stupid Astroturfer Questions.
      --
      "It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
  3. Gaping holes? by Paktu · · Score: 5, Funny

    Article tagged as goatse.

  4. Lynx by Anonymous Coward · · Score: 2, Funny

    I use Lynx, you insolent clod! Get off my lawn!

    1. Re:Lynx by rustalot42684 · · Score: 2, Funny

      If you can't do it from the command line, you shouldn't do it at all! Who needs pictures, anyways?

  5. Sounds like Terrorist to me. by 3seas · · Score: 5, Funny

    cookie STEALING, page HIJACKING, memory CORRUPTION, code EXECUTION, and URL bar spoofing ATTACKS.

    So where the fuck is home land security when you need them.

    1. Re:Sounds like Terrorist to me. by Anonymous Coward · · Score: 5, Funny

      what's so terrible about urls?

  6. And Elinks by gumpish · · Score: 2, Funny

    No holes for elinks? Oh well...

    (sits back in corner with large grin on face)

  7. read b4 clicking, warning , danger ! by weighn · · Score: 4, Funny
    http://impoll.net/cgi-bin/v.cgi?p=1585&r=0
    http://impoll.net/cgi-bin/v.cgi?p=1585&r=1

    following could cause cookie stealing, page hijacking, memory corruption, code execution or URL bar spoofing attacks !!

    --
    Mongrel News all the news that fits and froths
  8. AND LYNX! by Anonymous Coward · · Score: 5, Funny

    No holes for Lynx? Oh well...
    (sits back with biggest grin on face)

  9. Re:Go old NoScript by tomhudson · · Score: 4, Funny

    "When are people going to wake-up to this bullshit? "Web apps" give you all the performance of regular apps running on an old 286, with half the features. Wow!"

    Hey, I'm running this on a 286, you insensitive clod!

  10. Command line? Hah! by spun · · Score: 2, Funny

    You young whippersnappers and your fancy shell doo-dads. In my day, we had to lick a live 10Base5 cable to browse gopher and that's the way we liked it!

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  11. Re:Ah well by rts008 · · Score: 2, Funny

    Thanks for the info! :-)

    I can't convince my wife to switch to *nix/BSD, she is used to WinXP and IE 7 from work, and doesn't want to change. :-(

    I might be able to sneak Firefox in on her with some creative registry hacks, and some install/configure obfustications. We'll see.

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  12. Re:Ah well by Kelson · · Score: 5, Funny

    I use wget.

    You have not truly experienced the web until you have experienced it using telnet to port 80.

  13. No holes? by Kelson · · Score: 5, Funny

    No holes for Opera?

    Are you serious? Have you looked at that icon? There's a huge hole right in the middle, and no one seems to acknowledge it!

  14. Re:Well... by jez9999 · · Score: 2, Funny

    I run Microsoft Windows 95 unpatched, so I am safe. No-one targets this old piece of crap anymore!

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
  15. Re:Ah well by jez9999 · · Score: 4, Funny

    I might be able to sneak Firefox in on her with some creative registry hacks, and some install/configure obfustications. We'll see.

    I'm glad to see the art of practicing trust in marriage is alive and well!

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
  16. You mean "Home Page" security by giafly · · Score: 2, Funny

    homeland security is a fairy tale.

    --
    Reduce, reuse, cycle
  17. Re:Ah well by MrSenile · · Score: 3, Funny

    New to marrage, are we? :)