[ENEWS Message] Local Time Wednesday, Safety Information Supplier Secunia issued information show: Mozilla Foundation's multiple versions of browsers, Opera browser, Konquer browser on Linux platform, enhanced two IE features There are two security defects related to label browsing in the third-party plug-in.
One of the defects is that the malicious website opened in a tab window can access the information entered in another tab window; another defect is that the malicious website can open a conversation that appears in another tab window frame.
Thomas Christien, Technical Director of Secunia, said: "I think the reason why the problem, is the developer does not take into account the consequences of all browser labels in an application window when developing browsers. This is the problem of the problem. "
Secunia recommends that users who use label browsing features When accessing non-credit sites, do not use JavaScript features or visit trust websites.
On Tuesday, the KDE project team fixes the above two defects in the latest version of the Konqueror browser. Chris Huffman, Design Supervisor of the Mozilla Foundation, will correct the above two defects when Firefox 1.0 is released. Currently, Opera has not heard Opera opinions on these two defects.
Microsoft's IE browser is also being "tortured" - security researcher http-equiva discovers two more serious security defects in IE browser: the first defect expands the so-called "drag and drop in August The function of defects uses this defect, and hackers can place HTML code on the infected computer.
According to Secunia's announcement, the second more serious security defect is to bypass the security mechanism in Windows XP SP2. The Windows XP SP2 released in August this year has strengthened the security protection of XP operating systems. Even if the patch of SP2 released this month cannot prevent hackers from using this defect to execute an HTML document on the user's computer.
If the hacker uses these two defects, it can be placed on the user's computer and perform malicious code. HTTP-Equiv said in an e-mail that these two flaws are not new, but the expansion of the original defects.
Microsoft believes that hackers should take advantage of these two defects. It said in a statement that early reports show that hackers need users to execute a series of operations to start attacks. First, hackers need to induce users to access a "special" malicious website, followed by performing a series of special operations on the site, then restart the computer or suspended network connection, all after all, hackers The purpose can succeed. Microsoft has not received a report of the attack on these two defects.
Technical Director of Secunia's technical director said that compared with other browsers, the defects in IE browser have very huge, and these defects are very serious and should be corrected in time.
From:
enet
