Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gaping Holes In Fully Patched IE7, Firefox 2

Posted by kdawson on from the just-when-you-thought-it-was-safe dept.

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

3 of 303 comments (clear)

  1. Ah well by GFree · · Score: 5, Informative

    Gaping Holes In Fully Patched IE7, Firefox 2
    In other words, it doesn't matter which browser you use, you're gonna get F'd in the A regardless? Sounds painful.
    1. Re:Ah well by rts008 · · Score: 5, Informative

      RTFA...Try the demo's...It will reduce the FUD.

      I tried the demo page/file and got no response whatever.

      "2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
            Impact : keyboard snooping, content spoofing, etc
            Demo : http://lcamtuf.coredump.cx/ifsnatch/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
      from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
            Impact : keyboard snooping, content spoofing, etc
            Demo : http://lcamtuf.coredump.cx/ifsnatch/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"

      and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
            Impact : non-consentual download or execution of files
            Demo : http://lcamtuf.coredump.cx/ffclick2/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"

      I tried both link's test button and got no response whatever.

      IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.

      I guess I need to install some version of Windows to experience this...I feel deprived and left out!

      Does this work with Firefox w/ NoScript on Windows?

      From past experience, I have no doubts that it works with any version of IE on any Windows platform.

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  2. Re:But in order to be affected... by snowraver1 · · Score: 5, Informative

    It's called a Man-in-the-middle attack. Say you go to google.ca (I'm Canadian) It goes something like this:

    You> Yo DNS server, I wanna Talk to google.

    DNS> Roger that! Go to 72.14.253.103.

    You> Yo 72.14.253.103 Whacha got?

    72.14.253.103>Index.html

    You> Looks like Index.html says I need the google picture.

    Eve (Eve is sitting at the same coffee shop as you. Eve is bad)> Ahem, err, sir, I have this envelope for you. It's from google. It contains your picture. *Sniker*. (You don't notice the snicker)

    You> OH N0E$! TH3 P1CtUr3 us3d a buff3r ov3rflow vuln3rab1lity and n0w you have a virus that mak3s you typ3 lik3 a n00b!

    For more information look here: http://en.wikipedia.org/wiki/Man_in_the_middle_att ack

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.