
Security hole hits Internet Explorer and Firefox
JavaScript flaw opens door to credit card thieves
Microsoft's Internet Explorer and Mozilla's Firefox are both vulnerable to a new JavaScript flaw that could allow attackers to steal confidential information.
The flaw affects fully patched browsers on Windows, Linux and Mac systems, according to a posting on the Full Disclosure security mailing list.
The issue is caused by the 'OnKeyDown' JavaScript feature that allows websites to capture and duplicate keystrokes entered into data fields, including fields where users enter credit card information.
Security experts noted that exploiting the flaw would require the user to type a fair amount of text. Attackers would therefore most likely target online games or blogs.
Security website Secunia rated the flaw 'less critical' for Internet Explorer and Firefox.
Although the flaw requires a sophisticated attacker to effectively exploit it, it is noteworthy because it spans multiple operating systems and browser vendors.
The SANS Internet Storm Centre warned users to be cautious in allowing JavaScript to run.
V3 Latest
TSB IT disaster: Now TSB calls in IBM to rescue re-platforming project
Users complain they haven't been able to access their accounts or withdraw money
AMD Ryzen CPU release dates, specs and price: AMD revenues up 40 per cent on booming Ryzen sales
CEO Dr Lisa Su hails 'outstanding start to 2018' and re-asserts AMD's commitment to PC gamers
Scientists find adding nanowires to lithium-ion batteries could reduce fire risk
As well as increase capacity and performance
TSMC starts high volume production of 7nm chips
Claims to have "the most competitive logic density" in the industry