IE7 and Firefox 2.0 share common points

The latest two browsers, Internet Explorer 7 and Firefox 2.0, share a common logic error. It seems that this incident is even more serious when two new browser versions of Microsoft and Mozilla are not the only "victims". This error affects both IE 5.01, IE6, IE7 and even Firefox 1.5.0.9. Microsoft has stressed that IE7 on Windows Vista will not be attacked in any way.

Michal Zalewski, who discovered IE7's' death grave ', said:' Of all modern browsers, form domains (used to upload user data to a remote server) have Additional protection to prevent scripts from randomly selecting internal files, and automatically accepting formats that users don't know. For example, the parameter '.value' cannot be created or changed. and any changes to '.type' will reset the contents of the domain . '

In case these errors are successfully exploited, the user impact is necessary. In this case, the user will have to access the 'infected' areas of a Web site, both in IE or Firefox. Zalewski explained that the keys entered in unrelated locations could be 'targeted' by an attacker.

To verify the activity of 'grave' in IE7, click http://lcamtuf.coredump.cx/focusbug/ieversion.html. The same content for Firefox can be found at http://lcamtuf.coredump.cx/focusbug/ffversion.html. ' Both of these examples are specific to Windows and require C: BOOT.INI to exist and for users to read. The risk of attack is not limited to any operating system, but I decided to provide a risk for the most popular desktop operating system - the * nix versions access / etc / hosts or / etc / passwd very easy to develop . ' Zalewski added.

Nguyen Nam