Fasten your seatbelts – Browser vulnerability a day to be announced in July



I hope there aren’t too many browser developers that have planned on taking July off….. I ran across browserfun.blogspot.com where it is planned to release information on a web browser vulnerability EACH DAY for the month of July. This comes to us from HD Moore of Metasploit. Judging from This securityfocus article, most of the vulnerabilities may just lead to a browser crash, but some seem to be remote code execution vulnerabilities. Microsoft Internet Explorer is where they found most of them, but other browsers were NOT immune and did find at least one remotely exploitable vulnerability to gain remote access for each browser tested.


Basically, from security focus…. they’ve used fuzzing tools to test browsers. In the past, fuzzing has been used to test network devices and the attention has been more on servers rather than client application. They’ve found over 50 flaws in Internet Explorer. More background on HD Moore’s details on browser fuzzing can be found here. One of the first two already looks fairly serious…. FRSIRT analysis.

BTW on July 11th Microsoft will no longer provide updates for Windows 98/98SE and ME…. I hope the August updates will address some of these issues (I doubt they’ll have patches in by the July patch day.) Of course, keep in mind it’s NOT JUST Internet Explorer that they’ve found vulnerabilities with. (Although it sounds as though most of them are IE vulnerabilities.)

Related Posts

Blog Traffic Exchange Related Posts
  • Bizarre Internet Explorer 7 problem - Several of my pages are not displayed AT ALL I've been really itching to test this again since I first tried the Vista Beta. In my test of IE7 in the beta of Microsoft Vista, I found that this page came up as "Internet explorer cannot display the webpage." The error page goes on to suggest a number of......
  • Internet Explorer zero-day This time around, the zero day is related to Internet Explorer and activex... (directanimation specifically). Incidents has a good update on the issue. This is a second exploit, there was another at the end of August, MS has an advisory on the issue. I think a safe bet would be......
  • Microsoft Internet Explorer patches for unsupported OS versions (Windows 98 and ME) For starters, if you're using Windows 98 or ME still in a production system, you REALLY need to be looking at migration options and you should realize that the architecture of those systems is NOT conducive to a good secure platform. No XP isn't perfect, but it is an improvement......
Blog Traffic Exchange Related Websites
  • Run infected exe files without getting infected Don't want to infect your system by executing infected executables? Try Sandboxie then. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. How to run infected files with Sandboxie? 1. Download Sandboxie 2. Navigate to the......
  • Steadfast Finances was Hacked, Now Restored. (Thanks HostGator!) Last week, several lines of "seemingly malicious code" found its way into SF's theme. This prompted Google, Firefox, Google Chrome and even Twitter, to quickly label this blog as a "Reported Attack Site". If you happened to visit SF from the RSS feed, the email subscriber list, or basically clicked......
  • New Version of Google Toolbar for Firefox When Firefox 3 was officially released, the Google Toolbar was not supported.  Of course, that didn't stop me from manually updating the MaxVerison myself so that it would work.  Although it didn't take long for Google to release a new version that officially supported Firefox 3, I was disappointed as......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site