
SANS ISC: Firefox and IE Zero Days SANS ISC InfoSec Forums

Firefox and IE Zero Days
Michal Zalewski has reported several browser bugs worth alerting on.

The information was posted to the Full-Disclosure mailing list and has been reported on in Computer World:

Thanks to several readers that made sure we took note.

Here is a brief summary of his report. Please refer to Full-Disclosure for more details:

1) Title : MSIE page update race condition (CRITICAL)
Impact : cookie stealing / setting, page hijacking, memory corruption
Affected : MSIE6 and MSIE7

2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Affected : Firefox 2.0

3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consensual download or execution of files
Affected : Firefox v?.?

4) Title : MSIE6 URL bar spoofing (MEDIUM)
Impact : mimicking an arbitrary site, possibly including SSL data
Affected : MSIE6


Jun 4th 2007