IE, Firefox Users at Risk From New Flaws

by admin June 30, 2006 at 4:07 am

It’s not every day that a potential security risk emerges that could affect both Microsoft’s Internet Explorer and Mozilla Firefox Web browsers. But it is today.

Reports abound of a flaw that exists in both browsers that could allow for unintended information disclosure that could put users at risk.

Security researcher Plebo Aesdi Nael first reported a pair of vulnerabilities on a public security mailing list. Only one of the flaws affects both IE and Mozilla browsers.

Security firm Secunia has rated the flaws “less critical,” but the SANS Internet Storm Center noted that the risk has, “raised some of our neck hairs.”

The first flaw involves HTML applications (HTAs), which, according to Microsoft, are full-fledged applications that are trusted and display only the menus, icons, toolbars, and title information that the Web developer creates.

The alleged vulnerability requires a user to click on an icon which then takes advantage of the software flaw to disclose potentially confidential user information.

The second flaw involves the exploitation of the “object.documentElement.outerHTML” property.

Full story: