Multiple Browser Vulnerability
FrSIRT has reported a vulnerability in the most widely used browsers, which could be exploited by remote attackers to gain unauthorized access to arbitrary files.
The flaw stems from a design error that allows keystroke events to be cancelled through JavaScript code, which could be exploited by remote attackers to make users upload arbitrary files inadvertently from a vulnerable system to a malicious host.
To do this, it is necessary to trick target users into visiting a maliciously crafted web page and carry out certain actions (like typing a text in a text field), which will cause an arbitrary file to be uploaded automatically.
Rather unusually, this flaw does not affect a single browser, but several: Mozilla Firefox 1.5.0.4 and prior versions, Mozilla SeaMonkey 1.0.2 and prior versions, Netscape 8.1 and prior versions, Mozilla Suite 1.7.13 and prior versions, and Internet Explorer 6 and 5.01.
Also, a demo exploit has been published as proof of concept for this flaw.
Multiple Browser Vulnerability
Computer Security
http://www.technorati.com/tags/multiple+browser+vulnerability
posted by Unsecure at 8:52 PM
<< Home