
By Joris Evers
Posted on ZDNet News: Apr 25, 2006 10:57:00 PM

Newly disclosed, unpatched flaws in three browsers could make the Web a more dangerous place to surf, security experts have warned.

Security researchers published details on the bugs in Microsoft's Internet Explorer, Apple Computer's Safari and Mozilla's Firefox to security mailing lists over the weekend. The Firefox and Safari bugs could cause the browsers to crash, while the IE hole could be exploited to hijack a vulnerable Windows computer, Secunia said in advisories on its Web site.

The security monitoring company deems the IE flaw, reported by bug hunter Michal Zalewski, "highly critical." The problem has been confirmed on version 6 of the popular software, but could also affect other versions, the company said. The vulnerability lies in the way IE processes HTML tags. An attacker could exploit the bug by crafting a malicious Web site, Secunia said.

The alerts come just days after security researcher Tom Ferris reported several unpatched holes in Apple software including Safari. Also, Microsoft earlier this month issued a patch for IE to plug 10 holes, most of which it called "critical".

Microsoft is investigating the newly disclosed vulnerability and believes it is not as serious as Secunia claims, the software maker said in an e-mailed statement Tuesday. "Our initial investigation has revealed that the issues described would most likely result in the browser closing unexpectedly or failing to respond," it said.

Symantec also said that the IE flaw could be exploited to run malicious code on a vulnerable PC. However, this has not been confirmed, the security specialist said in a note to subscribers to its DeepSight service. "Exploit attempts likely result in crashing the affected application," Symantec said.

Secunia rates the Firefox and Safari problems as "not critical." A miscreant could crash both browsers by crafting a malicious Web site, it said, noting that the programs are flawed in the way they handle certain data.

Safari version 2.0.3 has been confirmed as vulnerable, and other versions may also be affected, Secunia said. Firefox 1.5.0.2, the most recent version, is flawed and so may be earlier versions, according to Secunia's advisory. Apple and Mozilla did not immediately respond to requests for comment.

Because fixes are not available for any of the security holes, Secunia recommends not browsing untrusted Web sites to avoid the problem.


Talkback: Most Recent of 18 Talkback(s)
The sky is falling...
I'm of the opinion that this article is newsworthy, but not critical.

So someone can craft a webpage that will make the browser go nuts trying to render it. I've done that by accident. How do you do it on purpose?

Interested Amateur...
Posted by: interested_amateur@... Posted on: 04/27/06