Tuesday, July 06, 2004

Microsoft Plugs IE; Report Warns All Browsers At Risk. Microsoft released a stop-gap fix for one of several vulnerabilities that have plagued its Internet Explorer just as a security firm warned that virtually every browser -- not just IE -- can be spoofed by hackers. [InternetWeek]

Two things to note on this: Firefox .91 and Mozilla 1.7 (the latest versions of these browsers) are not affected, and the exploit as demonstrated requires that you have a trusted site (a bank, etc.) that uses frames open and then browse to an untrusted site that injects data into your trusted site's frameset. See this advisory for details. For this to be truly evil, someone would need to craft a phishing email with a URL that opens a trusted site, immediately followed by a bad site that injects some form that captures sensitive information.


9:47:34 AM