holes in MSIE and Firefox

in the recent days new critical security holes in both browsers, Microsoft Internet Explorer 6 and Firefox 1.5.0.2, were made public.

the company secunia found a new exploit for Microsoft Internet Explorer 6, based on an exploit by Michal Zalewski. nested OBJECT-elements prevent MSIE from dereferencing a NULL-pointer in mshtml.dll. this hole can be used to run malicious code on a users machine.

related:
http://secunia.com/advisories/19762/
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html

the company securident released an exploit for Firefox 1.5.0.2. the function call iframe.contentWindow.focus() can crash the browser. a possible buffer-overflow could result in running malicious code on a users machine. the Firefox-developer Daniel Veditz already confirmed this exploit.

related:
http://www.securident.com/vuln/ff.txt

Friday, 28. April 2006 • trackback url

Add Comment

( to reply to a comment, click the reply link next to the comment )

Comment Title:
Your Name:
Email Address:
Make Public?
Website:
Make Public?

Comment:


Allowed XHTML tags : a, b, i, strong, code, acrynom, blockquote, abbr. Linebreaks will be converted automatically.


Captcha:

captcha image

Soundfile:

Link to a spoken Soundfile of the Captcha

please type the content of the above image or the soundfile into the following form-field: