Many web browsers have security flaws
On June 6, many security companies warned of a security vulnerability that exists in a variety of web browsers that could be exploited to steal information.
According to this warning, a series of web browsers such as Internet Explorer, Firefox, Mozilla and SeaMonkey operating on Windows, Linux and Mac platforms are affected by JavaScript key filtering vulnerabilities. A deliberate attacker can take advantage of this vulnerability to steal user's personal information such as credit account information, online banking .
Security firm Symantec, late yesterday, warned that all versions of Internet Explorer and Firefox were affected by the security hole.
" The problem here is that a deliberate attacker can take advantage of the onKeyDown event of the JavaScript client programming language to note all the keyboard activities of the user ," Symantec warned.
Therefore, an attacker can take advantage of this security hole to filter out keyboard actions when the user handles a web form on the web and puts a dialog box to upload the file "invisible" above. that website itself. The information will then be sent back to the attacker.
" To successfully exploit this security hole, the attacker must force the user to manually enter the full path of the file they want to download or some specific keyboard operation from the victim. Therefore, a security vulnerability could become an effective attack tool for web game players, bloggers or similar websites that need users to enter information from the keyboard , "Symantec said. know.
Meanwhile, security firm Secunia only classified this security vulnerability to the "less serious" level - the second step from the bottom up in the 5-step ladder measuring the danger of security errors.
This is an unusual security vulnerability because it not only affects the Internet Explorer browser itself - IE 6.0 is fully installed with patches, even IE 7.0 - but also Firefox or some browsers. of other brands such as SeaMonKey. It is also the first security vulnerability that affects browser versions on a variety of different platforms Windows, Linux, and Mac.
Charles McAuley - the first to discover this security flaw and announced via the list of secure email Full Disclosure on June 5 - announced a code snippet that proved to be fully exploitable. This security.
Symantec recommends that users disable the browser JavaScript feature.
Hoang Dung
- All three of the most popular browsers have vulnerabilities
- Cisco has to fix product security
- Firefox runs more stable with the new upgrade
- Hackers massively exploit Windows security flaws
- Mozilla denies security flaws in Firefox 2
- WiMax has many security flaws
- Mozilla patched 20 critical vulnerabilities in Firefox and Thunderbird
- Cisco warns 2 serious security errors
- McAfee detected 3 new zero-day Office errors
- Is Mac OS X losing security?
- Announcing security bugs on MSN and Amazon
- Security flaws are revealed only as