Flaws discovered in IE, Firefox could lead to data compromise

By Justin Mann on February 12, 2007, 8:36 PM
In a fairly rare event, two flaws have been simultaneously discovered that affect the two most popular browsers in the world in similar fashions. Internet Explorer version 6 and possibly 7 is affected by one flaw, and Firefox 1.5/2.0 is affected by another. Both of the vulnerabilities are based in the browsers ability to upload files to a remote location and could end up resulting in sensitive data being stolen. It is a long shot, though, requiring someone to visit a malicious site and can't it can't just pull arbitrary files out of anywhere. It can, however, be used to steal encrypted password files or other well-known files.

There are two demonstrations linked, one for IE and one for Firefox, that shows how the vulnerability works. Now it will be interesting to see who gets a patch out the door first, Microsoft or Mozilla.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.