Vulnerabilities in IE, Firefox a wake-up call, exec says

Four recently discovered vulnerabilities in two rival Internet browsers should serve as a “wake-up call” to Web surfers, Canadian security experts say.

Last week, Polish computer security expert Michal Zalewski disclosed two flaws he found in Mozilla’s open-source Firefox browser and two defects in Microsoft’s Internet Explorer (IE).

According to Zalewski’s posting on the Full-Disclosure mailing list, the most critical vulnerability resides in IE.

The flaw allows hackers to steal sign-on cookies from online banks and other trusted sites as well as “hijack” a victim’s machine, said Zalewski, who has achieved fame as a white-hat hacker.

He said malicious hackers can take advantage of a “brief window of opportunity” when IE navigates from a sensitive Web page to an unrelated site. During this time, an attacker can execute JavaScript actions that can compromise a victim’s machine.

Read More.. It Business

~LC