Browser Security News

Malicious JavaScript is getting smarter. It’s now able to fingerprint victims’ Web browsers, vulnerable components and accessible CLSIDs, and deliver custom-tailored exploits, according to Dr. Jose Nazario, senior security engineer for Arbor Networks. Nazario was referring to NeoSploit, a new malware tool he’s seen in the wild that carries at least seven distinct exploits to […]

The Mozilla Foundation is looking at disabling support for the Windows animated cursor format as a workaround for the ANI vulnerability that has left Windows systems open to exploit and complete takeover for the past week. Firefox users who use automatic update should get an update notification for the workaround. Users who have turned off […]

Mozilla is looking at delivering its own remedy for a Windows flaw that could let attackers commandeer a PC running the Microsoft operating system software. Microsoft broke with its monthly patch cycle Tuesday to fix the bug, which cybercrooks had been using since last week to attack Windows PCs. The flaw relates to the way […]

Determina is previewing a version of the ANI exploit that will hijack Mozilla Firefox 2 as well as Internet Explorer 7 running on Vista (with default DEP settings mostly turned off). DEP could have stopped this exploit from running, but it’s turned off for most applications in Windows by default. At this time, Alexander Sotirov […]

Firefox is vulnerable to the nasty Windows animated cursor flaw that can hand over control of your XP or Vista computer, according to a video posted by Determina, the company that originally discovered the vulnerability. In the Determina video, the speaker (possibly Alexander Sotirov, who posted the blog entry) says that under Vista, IE7’s Protected […]

A problem in the way Windows PCs obtain network settings could let attackers hijack traffic, security researchers said Saturday. The problem occurs because of a design bug in the system used by Windows PCs to obtain proxy settings, researchers with security firm IOActive said at the ShmooCon hacker conference in Washington, DC.

The security hole that was closed this week in Firefox, with versions 1.5.0.11 and 2.0.0.3, now also affects the Opera and Konqueror Web browsers. Attackers may be able to exploit the vulnerability to spy on network topology by means of manipulated FTP servers. The FTP command PASV not only allows an alternative port to be […]

Mozilla has issued another minor update to its Firefox 2.0 web browser. New for Firefox 2.0.0.3 is a single security fix that patches up a hole in the browser’s FTP PASV functionality. A malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the […]

Mozilla Corp.’s Firefox suffered from 26% fewer vulnerabilities in the second half of 2006 than Microsoft Corp.’s Internet Explorer, a security company’s research said yesterday. According to Symantec’s tally, 40 Firefox vulnerabilities were disclosed between August and December 2006; Internet Explorer (IE), meanwhile, was hit with 54 bugs. Opera and Safari — the browser Apple […]

Mozilla Corp. is changing the way it publishes security fixes for its Firefox browser. Over the next day, the open-source company plans to begin delivering bug fixes to a select group of beta testers who will try out the upcoming Firefox 2.0.0.3 version before it is released to all Firefox users.