Slashdot Mirror


Gaping Holes In Fully Patched IE7, Firefox 2

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

12 of 303 comments (clear)

  1. Re:And Opera by WilliamSChips · · Score: 4, Funny

    Naw, Opera just randomly crashes and then has a default behavior of restarting the site that causes it to randomly crash.

    --
    Please, for the good of Humanity, vote Obama.
  2. Woot! by Anonymous Coward · · Score: 4, Funny

    Wow, I'm so glad I installed Firefox so I'm immune to all of these IE bugs!

    Oh, wait, what did that say?

    -AC

    1. Re:Woot! by Mark_in_Brazil · · Score: 4, Funny

      Wow, I'm so glad I installed Firefox so I'm immune to all of these IE bugs!

      Oh, wait, what did that say?
      It said the only critical flaw in the bunch is in MSIE 6 only.

      This has been another edition of Easy Answers to Stupid Astroturfer Questions.
      --
      "It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
  3. Gaping holes? by Paktu · · Score: 5, Funny

    Article tagged as goatse.

  4. Sounds like Terrorist to me. by 3seas · · Score: 5, Funny

    cookie STEALING, page HIJACKING, memory CORRUPTION, code EXECUTION, and URL bar spoofing ATTACKS.

    So where the fuck is home land security when you need them.

    1. Re:Sounds like Terrorist to me. by Anonymous Coward · · Score: 5, Funny

      what's so terrible about urls?

  5. read b4 clicking, warning , danger ! by weighn · · Score: 4, Funny
    http://impoll.net/cgi-bin/v.cgi?p=1585&r=0
    http://impoll.net/cgi-bin/v.cgi?p=1585&r=1

    following could cause cookie stealing, page hijacking, memory corruption, code execution or URL bar spoofing attacks !!

    --
    Mongrel News all the news that fits and froths
  6. AND LYNX! by Anonymous Coward · · Score: 5, Funny

    No holes for Lynx? Oh well...
    (sits back with biggest grin on face)

  7. Re:Go old NoScript by tomhudson · · Score: 4, Funny

    "When are people going to wake-up to this bullshit? "Web apps" give you all the performance of regular apps running on an old 286, with half the features. Wow!"

    Hey, I'm running this on a 286, you insensitive clod!

  8. Re:Ah well by Kelson · · Score: 5, Funny

    I use wget.

    You have not truly experienced the web until you have experienced it using telnet to port 80.

  9. No holes? by Kelson · · Score: 5, Funny

    No holes for Opera?

    Are you serious? Have you looked at that icon? There's a huge hole right in the middle, and no one seems to acknowledge it!

  10. Re:Ah well by jez9999 · · Score: 4, Funny

    I might be able to sneak Firefox in on her with some creative registry hacks, and some install/configure obfustications. We'll see.

    I'm glad to see the art of practicing trust in marriage is alive and well!