New Flaw Hits Internet Explorer and Firefox

Argh! Will we ever be safe the scourge that is the Internet? Not if we care to continue using the Internet. We now have some fresh issues for both IE and Firefox…

Symantec and several other security firms have issued advisories for a new vulnerability discovered in Internet Explorer, Firefox, and other Web browsers running on Windows,
Linux, and Mac systems.

The security companies are warning that the flaw, related to the way browsers handle JavaScript, could allow a specially crafted Web site to steal personal information, such as credit-card and bank-account numbers, from unsuspecting Internet users.

According to Symantec, the flaw affects all versions of Internet Explorer and Firefox.

Browser Safety

“This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” Symantec warned.

By most accounts, however, exploiting the flaw would require a fairly determined hacker.

In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.

In its advisory, Symantec noted that the exploit requires “substantial typing from targeted users,” so keyboard-based games, blogs, or other similar Web pages are likely to be created by attackers to entice users to enter the required text input to exploit the flaw…. Source: NewsFactor Network

[tags]firefox,internet explorer,browser safety[/tags]