Security hole hits Internet Explorer and Firefox
JavaScript flaw opens door to credit card thieves
Microsoft's Internet Explorer and Mozilla's Firefox are both vulnerable to a new JavaScript flaw that could allow attackers to steal confidential information.
The flaw affects fully patched browsers on Windows, Linux and Mac systems, according to a posting on the Full Disclosure security mailing list.
The issue is caused by the 'OnKeyDown' JavaScript feature that allows websites to capture and duplicate keystrokes entered into data fields, including fields where users enter credit card information.
Security experts noted that exploiting the flaw would require the user to type a fair amount of text. Attackers would therefore most likely target online games or blogs.
Security website Secunia rated the flaw 'less critical' for Internet Explorer and Firefox.
Although the flaw requires a sophisticated attacker to effectively exploit it, it is noteworthy because it spans multiple operating systems and browser vendors.
The SANS Internet Storm Centre warned users to be cautious in allowing JavaScript to run.
V3 Latest
Comcast stock tanks over fears cable operator 'grossly overpaid' for Sky
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
NASA could nudge or nuke to divert any near-Earth objects
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Researchers develop 'spray on' antenna technology
Spray-on antenna could enable seamless integration of antennas with everyday objects
NASA's three key missions will return fresh information with 'exceptional potential' for science
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA
Most read
