Four zero-day bugs found in Internet Explorer and Firefox

A noted security researcher has disclosed four new zero-day vulnerabilities in Microsoft and Mozilla browsers, including a critical flaw in Internet Explorer (IE) and a "major" bug in Firefox.

Michal Zalewski, who regularly publishes browser flaw findings, posted details on the Full Disclosure mailing list for cookie-stealing, keystroke-snooping, malicious downloading and site-spoofing bugs.

The most serious of the four is an IE6 and IE7 flaw which Zalewski rated as being "critical". Dubbing it a "bait-and-switch" vulnerability, he said that the Microsoft browser gives hackers an opportunity to run malicious JavaScript to hijack the PC.

"The entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks," Zalewski claimed in notes that accompanied a demonstration of the IE bug. Up-to-date IE6 and IE7 are both at risk, he said, although Firefox is not.

But Mozilla's browser also suffered at Zalewski's hands. A new IFrame vulnerability in Firefox 2.0 can let attackers plant keyloggers or drop malicious content into a legitimate Web site. The flaw, rated as "major," is related to a similar bug discovered last year. Mozilla had patched that problem, but it is understood the fix hadn't plugged all the holes.

The problems affecting Firefox, and Mozilla's email client Thunderbird, have become increasingly apparent in recent days.

Information was also posted about two other bugs, both rated "medium". A Firefox vulnerability could lead to unauthorized downloads, while IE6 is open to yet another address bar-spoofing flaw. "IE7 is not affected because of certain high-level changes in the browser," Zalewski said of the fourth vulnerability.

Mozilla is aware of both Firefox bugs as they have been posted to its Bugzilla management system, and a Microsoft spokeswoman said the company's security team is looking into Zalewski's claims.

"Upon completion of this investigation, Microsoft will take the appropriate action, which may include issuing a security advisory or providing a security update," she added.

A recent Microsoft update was so protective that it even accidentally ended up preventing some users from installing IE7.

Microsoft also said it knows of no ongoing attacks that are using the new vulnerabilities.
