IE And Firefox Sport New Zero-day Flaw

Discussion in 'other security issues & news' started by ronjor, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    Story
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    JavaScript, eh? Firefox users: Use the NoScript extension for your own safety.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Interesting.

    But, it doesn't affect me: through Core Force, I already denied the browser from accessing any kind of sensible data. Even if the script works and finds the file, it won't upload it. :D

    Still, interesting.
     
  4. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Or install Opera.

    I try to have both Firefox and Opera "on hand" in both Win XP and Linux. I use NoScript for Firefox and enable JavaScript for Opera on a case-by-case basis only.

    bktII
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I tend to think that if you're entering sensitive info in forms on sketchy sites you're likely to get burned one way or another, with or without JavaScript. This one requires so much user interaction to work that I, unfortunately, don't know that much of any software would really help if someone fell for it, unless the software identified the specific script as being malicious. This would be more of a phishing/pharming issue.
     
  6. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Am not sure that I would place a 1:1 correlation between "unfamiliar Web neighborhoods" and "sketchy sites". However, your point is well taken: "...issue requires that users manually type the full path of files that attackers wish to download..." is more than a little over the top.

    An interesting recent article on "Browsers, phishing, and user interface design" here:

    http://www.securityfocus.com/columnists/405


    bktII
     