
Spotlight on Browser Security

If you're a Windows user who routinely browses the Internet with Microsoft Internet Explorer (IE), you should be aware that the Danish security research firm Secunia is now warning that a months-old, still-unpatched IE vulnerability is even more dangerous than before.

Even if you have installed Microsoft's XP Service Pack 2, you are still vulnerable, and it appears that the patches released by Microsoft on January 11 do not include a remedy for IE.

Vulnerability test: Secunia has created a test for IE users to check their vulnerability. To take the test, go to
http://secunia.com/internet_explorer_command_execution_vulnerability_test/

For more details on Secunia's report, see http://www.informationweek.com/story/showArticle.jhtml?articleID=57700320

Also see "Internet Explorer Still Vulnerable on Several Fronts" under Security Alerts on page 18.

All Major Browsers Affected by Pop-up Flaw that Facilitates Phishing Ploys

A "window injection" vulnerability common to almost all major browsers leaves the door open for phishing scammers to masquerade as legitimate businesses or institutions and glean sensitive ID information from visitors to pop-up sites. What makes this exploit particularly treacherous is that a perfectly legitimate pop-up window that's opened via a trusted website can later be hijacked by a malicious website, easily fooling the unwary user. For complete details, see http://news.zdnet.com/2100-1009_22-5484315.html

Check Your Vulnerability to Pop-up Phishing

Secunia has devised a simple test that can tell you if you're vulnerable to pop-up window phishing. To take the test, go to
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

"Less Critical" Mozilla, Firefox Vulnerability Invites Phishing Scams

Hackers can easily "spoof," or mimic, the source URL address displayed in Mozilla's Download Dialog box. This flaw has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0, and may also be present in other versions.

No solution is currently available, but the vulnerability is slated to be fixed in future product updates. In the meantime, users are advised not to follow download links from untrusted websites. See http://www.vnunet.com/news/1160352

Critical New Flaw Discovered in Mozilla

In January, iSEC security researchers found a flaw in the way Mozilla handles Network News Transfer Protocol (NNTP). All versions prior to 1.7.5 are vulnerable to this flaw, which could allow an attacker to execute arbitrary code on a victim's machine.

To remedy this problem, upgrade to the latest version of Mozilla, which is available for downloading at http://www.mozilla.org/products/mozilla1.x/

For more details, see "Critical flaw plagues Mozilla," at http://www.vnunet.com/news/1160400


Winter 2005 Computing News | Computing Center Home Page