Contact security error IE & Firefox

Security firm Secunia said that both the vulnerability that has been detected in Internet Explorer 7 not only affects this version of the browser but also IE 6 and Firefox versions 1.5 and 2.0.

This is by no means a security bug, but an error that has been a headache for security experts over the years because this is a security bug that is easily exploited. Just add some 'standalone' Javascript code, a website that can completely change the address and content displayed in the pop-up window.

If the browser is equipped with pop-up protection, the theory of the exploit code will be disabled. But if the website containing the exploit code is opened at the same time as a secure site that allows pop-up extraction, the exploit code will still function normally. If the pop-up blocker is disabled, the risk of attack will be higher.

Contact

Picture 1 of Contact security error IE & Firefox The IT news website BetaNews has tested and concluded that the security flaw affects not only IE 7 but also IE 6, Firefox 1.5 and 2.0. Not only that, BetaNews also successfully exploited that security bug in Firefox 1.5 with the pop-up blocker enabled.

Secunia said that the most heavily affected is probably IE 7. " We conducted the test and came to the conclusion that this is a Windows Injection Vulnerability error ."

When the security issue of Windows Injection Vulnerability was first discovered, the solution Microsoft offered was to add a variety of security settings to Internet Options for IE 6. By accessing the Internet Options tab | Security and clicking on Custom Level, find the line 'Navigate sub-frames across different domains' and click on the option 'Disable' the security error will be disabled. By default, IE 7 has been installed.

Tested on a PC running Windows XP, the IE 7 browser with the default configuration has passed the challenge before the security flaw even if the pop-up blocker is disabled. But with other Windows XP systems, the results are not so common. IE 7 can still be completely attacked.

Meanwhile, Firefox 1.5 and 2.0 failed completely before the tests. Only Firefox 2.0 running on Windows Vista RC 2 will pass the test.

However, there are still many questions around the issue that Secunia raised. Theoretically, the security configurations for web browsers in the browser are also applied to pop-up windows. This means that if the pop-up window contains malicious code, it is theoretically blocked.

Hoang Dung