Browser Security News

Mozilla Corp. bumped up the threat ranking for an unpatched Firefox bug to "high" Tuesday, but promised a fix is coming in Version 2.0.0.12, now slated for release on Feb. The company’s head of security, Window Snyder, confirmed that the browser, when running any of more than 600 add-ons, can be exploited to steal "session […]

E-mail used to be the actual vector for threats to the PC, but now it’s the browser. Security software is adjusting Look back at the security news three or four years ago and you’ll see a "worm of the week" phenomenon in action. Malware was spread, and botnets created, through e-mail messages. These e-mail messages […]

The feud between Microsoft Corp. and Mozilla Corp. over whose Web browser is more secure heated up again as officials for both companies trotted out statistics to show their application is safer. Jeff Jones, the strategy director in Microsoft’s security technology unit, started the latest bug count battle last Friday, when he posted a report […]

Mozilla provides Firefox 2 for Windows, Linux, and Mac OS X in a variety of languages. A stability update released on 1st November 2007 corrected several problems that were found in the previous release, Firefox 2.0.0.8. A new flaw discovered in the lastest Firefox 2.0.0.9 allows a remote attacker to crash the browser causing a […]

Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7. The company would not provide exact figures, but said that a "limited number " of attacks had been reported. The attacks target a vulnerability in IE7’s handling of the uniform resource indicator (URI) […]

Mozilla Corp. has fixed a critical bug in the way the Firefox browser works with QuickTime media files. The flaw, which was reported last week by hacker Petko Petkov, gives attackers a way to run unauthorized commands on a victim’s PC. "This could be used to install malware, steal local data, or otherwise corrupt the […]

US-CERT is aware of working publicly available exploit code that targets users with Firefox and Quicktime installed. This exploit allows a remote, unauthenticated attack to execute arbitrary commands on an affected system. US-CERT will provide additional information as it becomes available.

Billy Rios and Nate McFeters, who spelled out design and functionality vulnerabilities in Windows’ Uniform Resource Identifier (URI) protocol handling as recently as mid-August, said Saturday that they have uncovered another way hackers could send malicious code to users via browsers. "Once again, these URI payloads can be passed by the mailto, nntp, news, and […]

Malicious JavaScript is getting smarter. It’s now able to fingerprint victims’ Web browsers, vulnerable components and accessible CLSIDs, and deliver custom-tailored exploits, according to Dr. Jose Nazario, senior security engineer for Arbor Networks. Nazario was referring to NeoSploit, a new malware tool he’s seen in the wild that carries at least seven distinct exploits to […]

The Mozilla Foundation is looking at disabling support for the Windows animated cursor format as a workaround for the ANI vulnerability that has left Windows systems open to exploit and complete takeover for the past week. Firefox users who use automatic update should get an update notification for the workaround. Users who have turned off […]