Internet Explorer

IE7 and FF 2.0 share vulnerability

Submitted by hcmtnbiker
hcmtnbiker (925661) writes "Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. The vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7, and Firefox 1.5.0.9. "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, ".value" parameter cannot be set or changed, and any changes to .type reset the contents of the field," said Michal Zalewski, the person that discovered the IE7 flaw. There are proofs of concept for both IE7 and Firefox."
