Hunting for vulnerabilities

Ever since the final version of Internet Explorer 7 and Firefox 2.0 browsers became available, a major hunt has begun for new software vulnerabilities.

Internet attacks and scams usually reach their target through browsers. Therefore, it is no wonder that the latest Internet Explorer and Firefox applications - after their final versions were released - started a big chase to discover security vulnerabilities. Just a few hours after the release of the browsers, several vulnerabilities could be heard. Examination of these errors reveals that they do not pose a significant risk to users ’data.

Secunia has indicated after the release of Internet Explorer that the new browser contains a vulnerability that could be used to launch phishing attacks. However, this vulnerability soon turned out to be a problem for the new browser, as the vulnerability affects Outlook Express e-mail software. Following the false alarm, Secunia also reported another vulnerability. By exploiting this, attackers can forge addresses in pop-up windows and deceive users, who may download malicious files to their computers. The vulnerability is already being investigated by Microsoft. According to the news so far, the company has confirmed its existence and acknowledged that the URL display is not appropriate in all cases.

Browser bugs are also debugged with Firefox 2.0. So far, two vulnerabilities have been identified that Mozilla did not consider serious. One of the errors when displaying specially edited web pages can cause the browser to crash. It can occur when a browser needs to display a large amount of text within an iframe. Mike Schroepfer, an engineer at Mozilla, said the issue could not be used to launch cyber-attacks. Another vulnerability in Firefox 2.0 allows so-called cross-scripting attacks, and the code needed to exploit it is now available on the Internet. Mozilla developers are still investigating this vulnerability.