Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×
Internet Explorer

Submission + - IE7 and FF 2.0 share vulnerability

hcmtnbiker writes: Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. The vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7, and Firefox 1.5.0.9. "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, ".value" parameter cannot be set or changed, and any changes to .type reset the contents of the field," said Michal Zalewski, the person that discovered the IE7 flaw. There are Proof of concepts for both IE7 and firefox

Nothing succeeds like the appearance of success. -- Christopher Lascl

Working...