07 Jun 2006
Microsoft's Internet Explorer and Mozilla's Firefox are both vulnerable to a new JavaScript flaw that could allow attackers to steal confidential information.
The flaw affects fully patched browsers on Windows, Linux and Mac systems, according to a posting on the Full Disclosure security mailing list.
The issue is caused by the 'OnKeyDown' JavaScript feature that allows websites to capture and duplicate keystrokes entered into data fields, including fields where users enter credit card information.
Security experts noted that exploiting the flaw would require the user to type a fair amount of text. Attackers would therefore most likely target online games or blogs.
Security website Secunia rated the flaw 'less critical' for Internet Explorer and Firefox.
Although the flaw requires a sophisticated attacker to effectively exploit it, it is noteworthy because it spans multiple operating systems and browser vendors.
The SANS Internet Storm Centre warned users to be cautious in allowing JavaScript to run.
Do you agree?
I never did like Java Script
JavaScript is a pain; it needs a replacement technology soon. I base that on nothing except the fact that I have programmed Java, and it seems that it is as user friendly as it is programmer friendly. Many people already disable it, so why not drop it entirely?
Posted by: Tjaart 24 Jun 2006
FF more secure than IE?
This article clearly shows that the problem also affects FF! Also, the market leader will always attract the most hackers, so if FF ever does get ahead of IE, users will be saying the reverse!
Posted by: Shiraz 08 Jun 2006
Why did this article get published?
Spin Spin Spin. Did the author need some filler? What about this headline: "Huge public online database of known bugs and security risks gives attackers information on how to steal your information." Come on, just finding a mention of an old bug and existing known issues is not exactly good journalism or reporting. It does let a very popular headline get continued in the media about security and stealing things from ordinary people in this unknown thing called the internet. Why didn't the author talk about what is the best way to deal with threats? Close the information or open it up so that the community who can really do something about it can help make the situation better?
Posted by: Frank 08 Jun 2006
Firefox is more Sec
Firefox is surer than IE. I never had problems with Firefox. I recommend using Firefox instead of IE.
Posted by: Daniel 08 Jun 2006
So What?
Daniel, I can obtain no value at all from your anecdotal, knee-jerk comment. To save some effort I suggest you script this comment and have it submitted to every on-line discussion. It will be just as useful and relevant there as here.
Posted by: ken 08 Jun 2006