Cross-browser Firefox/IE flaw worsens

IM app used to launch attack

Shaun Nichols in California

vnunet.com, 17 Jul 2007

The browser flaw which allows attackers to hijack a computer by using Internet Explorer to launch Firefox is affecting other applications as well. 

Security researchers Nate McFeters, Billy Rios and Raghav Dube have disclosed information and working exploit code for a similar vulnerability in Trillian

Advertisement

Like the Firefox attack, the Trillian exploit uses a Uniform Resource Identifier (URI) function as the point of attack. 

The URI allows the browser to launch a third-party application on the user's system in much the same way that a URL is used to access a web page.

When the user visits a specially-crafted page, the application is launched and attack code is run to crash the application and execute code. The attack could be used to remotely install malware on a user's system.

The researchers claim that, while this attack only affects AIM clients, any application that allows for URI access could be targeted with similar attacks.

McFeters, Rios and Dube recommend that developers disable any unnecessary URI functions from their applications.

A Microsoft spokesperson told vnunet.com that the company is "investigating new public claims of a possible vulnerability in Internet Explorer" but would not elaborate further. 

Microsoft has not received reports of any attacks targeting the vulnerability.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Firefox

Firefox attack uses Internet Explorer

Microsoft browser can pass on attack to rival

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

More video

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Windows 7

Microsoft denies Windows 7 battery problems

Replacement warning functioning normally, claims software giant

Safer Internet Day

Safer Internet Day highlights online threats

Annual initiative warns of phishing, ID theft and social network...

AMD Fusion

AMD details Fusion innovations at ISSCC

Forthcoming chip with four CPU and one GPU cores will...

MSI Wind U135

Review: MSI Wind U135 netbook

A decent netbook incorporating the latest Intel technology in a...

Primary Navigation