Browser Security News

Web browser makers are getting quicker at patching vulnerabilities, according to antivirus vendor Symantec’s latest global security report.
The average time between the release of malicious code that targets Web browsers and patches, dubbed the "window of exposure", was smaller for most vendors during the first half of 2006 compared with the last half of 2005, [...]

E-mailed bait to exploits of the still-unpatched vulnerability in Internet Explorer have been sent, a security company said Monday, escalating the threat facing Windows users. In addition, an earlier zero day bug in IE is now being exploited in the wild, and an unfixed flaw in Windows Media Player is behind a third attack.

Browsers are the target of choice for hackers, Symantec said Monday in its bi-annual Internet threat report, which backed that up with data showing vulnerabilities for IE, Firefox, and Safari have increased in the last six months.
According to Symantec’s Internet Security Threat Report, which was released Monday, 7 out of every 10 new vulnerabilities uncovered [...]

Hackers are intensifying their attacks on Internet Explorer users, increasing the chances that Microsoft Corp. will patch a critical flaw in the software ahead of its regularly scheduled Oct. 10 security update. On Sunday, hackers released sample code showing how to exploit the IE flaw on a fully patched version of Windows XP, a move [...]

Hackers are hitting paydirt in their search for browser bugs.
According to Symantec’s twice-yearly Internet Security Threat Report, hackers found 47 bugs in Mozilla’s open-source browsers and 38 bugs in Internet Explorer (IE) during the first six months of this year. That’s up significantly from the 17 Mozilla and 25 IE bugs found in the previous [...]

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.

A zero-day exploit was discovered by Sunbelt Software in the Microsoft Windows implementation of Vector Markup Language (VML). According to Microsoft, VML is defined as:
Vector Markup Language (VML) is an XML-based exchange, editing, and delivery format for high-quality vector graphics on the Web that meets the needs of both productivity users and graphic design professionals. [...]

Sunbelt’s recent Vector Markup Language (VML) vulnerability discovery has drawn some attention here on the blogs, and rightly so. The impact of the vulnerability is fairly significant and there are reports that malicious sites are exploiting the vulnerability to install malicious code of all sorts.
For those without perimeter/endpoint defenses to identify the exploit and those [...]

A tweaked version of Firefox that makes Web browsing anonymous has been released by a group of privacy-minded coders.
Every few minutes, the Torpark browser causes a computer’s IP address to appear to change. IP addresses are numeric identifier given to computers on the Internet. The number can be used along with other data to potentially [...]

A company that has already made some headway with security-conscious consumers with a freeware/commercial combo of browser virtualization software for Internet Explorer, today released a new edition exclusively for Firefox users on Windows systems. GreenBorder uses what it describes as "just-in-time virtualization" to build an extensible operating environment around the browser, separating its session from [...]