Flaws discovered in IE, Firefox could lead to data compromise

By Justin Mann on February 12, 2007, 8:36 PM
In a fairly rare event, two flaws have been simultaneously discovered that affect the two most popular browsers in the world in similar fashions. Internet Explorer version 6 and possibly 7 is affected by one flaw, and Firefox 1.5/2.0 is affected by another. Both of the vulnerabilities are based in the browsers ability to upload files to a remote location and could end up resulting in sensitive data being stolen. It is a long shot, though, requiring someone to visit a malicious site and can't it can't just pull arbitrary files out of anywhere. It can, however, be used to steal encrypted password files or other well-known files.

There are two demonstrations linked, one for IE and one for Firefox, that shows how the vulnerability works. Now it will be interesting to see who gets a patch out the door first, Microsoft or Mozilla.

User Comments: 1

Got something to say? Post a comment
nathanskywalker said:
[quote]The vulnerability resides in the functionality that allows the browsers to upload files to a remote server. It requires a victim to visit a booby-trapped website and enter text with certain characters in a comment interface or other input field.[/quote]So, it's not a widespread problem, yet. That's nice..[quote]steal encrypted password files[/quote]The answer to this is simple: Don't keep you passwords on your pc ;). Of course, if you can't remember 20 different passwords, password storage can make things far less...difficult.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.