Topic: Old browser hole visits us again

polonus
Old browser hole visits us again
« on: February 13, 2007, 05:20:34 PM »
Hi malware fighters,

An old browser hole that opens up your boot.ini and gives access to local files on your hard drive has re-appeared, or actually has never been away. The 7-year-old flaw is a vulnerability for Mozilla-type browsers and for IE7:
http://www.gnucitizen.org/blog/browser-focus-rip
Test your IE browser for this here: http://lcamtuf.coredump.cx/focusbug/ieversion.html
your FF here: http://lcamtuf.coredump.cx/focusbug/ffversion.html
The problem appears because an attacker can steal the focus of certain key-strokes and use those to upload certain files. Read here about the hole:
http://seclists.org/fulldisclosure/2007/Feb/0226.html
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!