Tag Archives: Browser Security

Firefox Vulnerability

Security Focus has published a serious vulnerability in Firefox that affects all releases and platforms. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious file using the affected browser.

Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn’t test). Null, but it’s being called, assuming the worst for the moment. – extracted

Mozilla developers have already worked out a fix, which will be added to Firefox 3.0.8, due next week.


Browser Password Security test – most failed

Google Chrome and Safari are tied at the bottom of the list in a password security test run by CIS (Chapin Information Services).

Two years ago CIS discovered a flaw in Mozilla that could give “clever attackers” access to your saved passwords. A few days ago CIS ran a security test on all the major browsers and, to their horror and surprise, most of them did really badly, including Internet Explorer.

Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.
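
The three checks listed above, written as a gate a password manager could run before autofilling. This is an added example, not code from CIS or from any browser; the `saved` and `form` object shapes and all hostnames are constructed for illustration.

```javascript
// Resolve a URL (optionally against a base) and return its origin, or null.
function originOf(url, base) {
  try {
    return new URL(url, base).origin;
  } catch (e) {
    return null; // unparsable URL: treat as an unknown origin
  }
}

// `field` is a plain object of computed-style-like values (assumed shape).
function isInvisible(field) {
  return field.type === 'hidden' ||
    field.display === 'none' ||
    field.visibility === 'hidden' ||
    parseFloat(field.opacity) === 0 ||
    field.width === 0 || field.height === 0;
}

// Returns the names of the failed checks; an empty list means autofill is allowed.
function autofillProblems(saved, form) {
  const problems = [];
  const pageOrigin = originOf(form.pageUrl);
  // An empty action submits to the page itself, so resolve against pageUrl.
  const actionOrigin = originOf(form.action || form.pageUrl, form.pageUrl);

  // 1. Destination: the form must submit to the origin the password was saved for.
  if (actionOrigin === null || actionOrigin !== saved.actionOrigin) {
    problems.push('destination');
  }
  // 2. Location: the page requesting the password must be on the saved origin.
  if (pageOrigin === null || pageOrigin !== saved.pageOrigin) {
    problems.push('location');
  }
  // 3. Visibility: a form containing invisible fields must not trigger autofill.
  if (form.fields.some(isInvisible)) {
    problems.push('invisible-field');
  }
  return problems;
}

// Constructed sample data.
const saved = { pageOrigin: 'https://bank.example', actionOrigin: 'https://bank.example' };
const visible = { type: 'password', display: 'block', visibility: 'visible',
                  opacity: '1', width: 180, height: 24 };
const loginForm = { pageUrl: 'https://bank.example/login', action: '/session', fields: [visible] };
const injectedForm = { pageUrl: 'https://bank.example/profile', action: 'https://collector.example/p',
                       fields: [{ ...visible, display: 'none' }] };
const lookalikePage = { pageUrl: 'https://bank.example.test/login',
                        action: 'https://bank.example/session', fields: [visible] };
```
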

