Many web browsers have security flaws

On June 6, many security companies warned of a security vulnerability that exists in a variety of web browsers that could be exploited to steal information.

On June 6, many security companies warned of a security vulnerability that exists in a variety of web browsers that could be exploited to steal information.

Picture 1 of Many web browsers have security flaws
According to this warning, a series of web browsers such as Internet Explorer, Firefox, Mozilla and SeaMonkey operating on Windows, Linux and Mac platforms are affected by JavaScript key filtering vulnerabilities. A deliberate attacker can take advantage of this vulnerability to steal user's personal information such as credit account information, online banking .

Security firm Symantec, late yesterday, warned that all versions of Internet Explorer and Firefox were affected by the security hole.

" The problem here is that a deliberate attacker can take advantage of the onKeyDown event of the JavaScript client programming language to note all the keyboard activities of the user ," Symantec warned.

Therefore, an attacker can take advantage of this security hole to filter out keyboard actions when the user handles a web form on the web and puts a dialog box to upload the file "invisible" above. that website itself. The information will then be sent back to the attacker.

" To successfully exploit this security hole, the attacker must force the user to manually enter the full path of the file they want to download or some specific keyboard operation from the victim. Therefore, a security vulnerability could become an effective attack tool for web game players, bloggers or similar websites that need users to enter information from the keyboard , "Symantec said. know.

Meanwhile, security firm Secunia only classified this security vulnerability to the "less serious" level - the second step from the bottom up in the 5-step ladder measuring the danger of security errors.

This is an unusual security vulnerability because it not only affects the Internet Explorer browser itself - IE 6.0 is fully installed with patches, even IE 7.0 - but also Firefox or some browsers. of other brands such as SeaMonKey. It is also the first security vulnerability that affects browser versions on a variety of different platforms Windows, Linux, and Mac.

Charles McAuley - the first to discover this security flaw and announced via the list of secure email Full Disclosure on June 5 - announced a code snippet that proved to be fully exploitable. This security.

Symantec recommends that users disable the browser JavaScript feature.

Hoang Dung

Update 12 December 2018
« PREV
NEXT »
Category

Technology

Life

Discover science

Medicine - Health

Event

Entertainment