Cross browser javascript vulnerability



It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec …. “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.) Also, they say “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”


They say it would take a fairly determined attacker and require LOT’s of typing from the user. So, sites that would require LOT’s of user input might be targetted.

Related Posts

Blog Traffic Exchange Related Posts
  • Vmware launches beta of real to virtual converter Vmware has launched a tool (windows only it seems) aimed to convert a REAL running system into a virtual machine. (For use with VMWare's virtualization products. The converter also can convert images from competing virtual machine "platforms"(?) (Microsoft Virtual PC, Microsoft Virtual Server, Symantec Backup Exec System Recovery (formerly LiveState......
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Wireless Driver Vulnerabilities There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on......
Blog Traffic Exchange Related Websites
  • Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
  • Mac OS X: A Threat is growing… As a devoted Mac user since 1994, it scares me every time I hear other Mac users say, “ The Mac is so safe, I don’t worry about viruses or apply any security features”. Even though to date, there have not been any damaging viruses or attacks successfully applied to......
  • Browser History Hijacking Flaw Browser history hijacking is a flaw in a web browser that allows certain websites access to all the sites a user has ever visited.  This is a techniques used by sporting, news, movie, financial and porn websites to better place ads and check to see if you have visited any......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site