iTechLog » Browser Security http://itechlog.com Your source to IT solutions, interesting technology news and a hint of Space and Physics. Wed, 09 May 2012 13:02:06 +0000 en hourly 1 http://wordpress.org/?v= Firefox Vulnerability http://itechlog.com/security/2009/03/26/firefox-vulnerability/ http://itechlog.com/security/2009/03/26/firefox-vulnerability/#comments Thu, 26 Mar 2009 16:29:08 +0000 Alex Costa http://itechlog.com/security/2009/03/26/firefox-vulnerability/ Security Focus has published a vulnerability found on Firefox (all releases and platforms) causing a serious security flaw. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious file using the affected browser. Exploit code …

Read more »

]]>

Security Focus has published a vulnerability found on Firefox (all releases and platforms) causing a serious security flaw. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious file using the affected browser.

Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn’t test). Null, but it’s being called, assuming the worst for the moment.  – extracted

Mozilla developers have already worked out  a fix which will be added to Firefox 3.0.8 which is due next week.

Technorati Tags: , , ,

Related Posts

]]> http://itechlog.com/security/2009/03/26/firefox-vulnerability/feed/ 0 Browser Password Security test – most failed http://itechlog.com/itechlog-news/2008/12/17/browser-password-security-test-most-failed/ http://itechlog.com/itechlog-news/2008/12/17/browser-password-security-test-most-failed/#comments Wed, 17 Dec 2008 00:37:17 +0000 Alex Costa http://itechlog.com/itechlog-news/2008/12/17/browser-password-security-test-most-failed/ Google Chrome and Safari are tied at the bottom of the list of a password security test run by CIS - Chapin Information Services. Two years ago CIS discovered a flaw on Mozilla that could give “clever attackers” access to …

Read more »

]]>

Google Chrome and Safari are tied at the bottom of the list of a password security test run by CIS - Chapin Information Services.

Two years ago CIS discovered a flaw on Mozilla that could give “clever attackers” access to your saved passwords. A few days ago CIS ran a security test on all the major browsers and to their horror and surprise most of them did really badly, including Internet Explorer.

Among the problems are three in particular that, when combined,
allow password thieves to take passwords without the user’s knowledge.
They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.

You can test your own browser at the CIS website.

Technorati Tags: , , ,

Related Posts

]]> http://itechlog.com/itechlog-news/2008/12/17/browser-password-security-test-most-failed/feed/ 0