Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

Submission + - 2 JavaScript holes (with exploits) this week

An anonymous reader writes: Double strike this week for Michal Zalewski, who published JavaScript based exploits for two new web browser vulnerabilities. The one disclosed on Monday allows attacker to read sensitive local files on your computer without your explicit permission, and affects both IE 7 and Firefox 2.0.0.1. The other one allows malicious websites to manipulate authentication cookies for third-party sites, and to possibly do other nasty things as well. A patch for the latter bug, notified to Mozilla on Wednesday, has already been developed and will likely be available in a 2.0.0.2 security upgrade. Obviously enough, users of the NoScript Firefox extension are immune from both these attack vectors.

"Given the choice between accomplishing something and just lying around, I'd rather lie around. No contest." -- Eric Clapton

Working...