...a JavaScript flaw in fully patched IE 6 and 7... can allow an attacker to fiddle with a document's Document Object Model—a model for representing HTML or XML and related formats.
The result can be cookie stealing or cookie resetting, browser crash, page hijacking, code injection or memory corruption.
The Firefox flaw is also in JavaScript:
[It] can lead to interception of keystrokes and content spoofing, among other things. Mozilla said that the flaw allows attackers to display "offensive, misleading or dangerous contents on trusted sites" or to spoof login prompts. An attacker can also track user behavior, such as timing when a victim arrived and departed at a site...
Full details here, along with demos.