TechSpot RSSIT
Cross platform javascript vulnerability leaves IE, Firefox open
Web users beware, as of yesterday Symantec (along with various other security companies) has released a security alert that involves both Internet Explorer and Firefox, which collectively is over 90% of web users. Apparently, there is a cross-platform bug in JavaScript that affects both browsers, one that could potentially result in private information being stolen. From the description of the exploit, it would involve some level of user interaction beforehand and isn't exactly something that can just happen accidentally:
"Exploiting this issue requires that users manually type the full path of files that attackers wish to download…[and] may require substantial typing from targeted users, so keyboard-based games, blogs, or other similar pages are likely to be utilized by attackers to entice users to enter the required keyboard input to exploit this issue," continued Symantec.
While it's unlikely you'll become a victim of this exploit, it's good to be aware of its existence should you notice anything unusual in your browsing.
User Comments (3)
Post a comment| canadian on June 7, 2006 5:21 PM | Wow, unusual for a firefox and a IE bug in one.
|
| DragonMaster on June 7, 2006 6:49 PM | It's a JS bug.
|
| ThomasNews on June 8, 2006 4:32 AM | Curious Opera's not affected(?)
|
