Cross platform javascript vulnerability leaves IE, Firefox open

By Justin Mann on June 7, 2006, 11:40 AM
Web users beware, as of yesterday Symantec (along with various other security companies) has released a security alert that involves both Internet Explorer and Firefox, which collectively is over 90% of web users. Apparently, there is a cross-platform bug in JavaScript that affects both browsers, one that could potentially result in private information being stolen. From the description of the exploit, it would involve some level of user interaction beforehand and isn't exactly something that can just happen accidentally:

"Exploiting this issue requires that users manually type the full path of files that attackers wish to download…[and] may require substantial typing from targeted users, so keyboard-based games, blogs, or other similar pages are likely to be utilized by attackers to entice users to enter the required keyboard input to exploit this issue," continued Symantec.
While it's unlikely you'll become a victim of this exploit, it's good to be aware of its existence should you notice anything unusual in your browsing.




User Comments: 3

Got something to say? Post a comment
canadian said:
Wow, unusual for a firefox and a IE bug in one.
DragonMaster said:
It's a JS bug.
ThomasNews said:
Curious Opera's not affected(?)
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.