Details : SecurityAlert

  Topic : Assorted browser vulnerabilities
  SecurityAlert : 2781
  CVE : CVE-2007-3092
  CVE : CVE-2007-3090
  CVE : CVE-2007-3089
  CVE : CVE-2007-3091
  SecurityRisk : High
  Remote Exploit : Yes
  Local Exploit : Yes
  Exploit Given : No
  Credit : Michal Zalewski
  Published : 09.06.2007

  Affected Software :
  MSIE6
  Firefox

  Advisory Text :  

Hello,

Will keep it brief. A couple of browser bugs, fresh from the oven, hand
crafted with love:

1) Title : MSIE page update race condition (CRITICAL)
Impact : cookie stealing / setting, page hijacking, memory corruption
Demo : http://lcamtuf.coredump.cx/ierace/

...aka the bait & switch vulnerability.

When Javascript code instructs MSIE6/7 to navigate away from a page
that meets same-domain origin policy (and hence can be scriptually
accessed and modified by the attacker) to an unrelated third-party
site, there is a window of opportunity for concurrently executed
Javascript to perform actions with the permissions for the old page,
but actual content for the newly loaded page, for example:

- Read or set victim.document.cookie,

- Arbitrarily alter document DOM, including changing form submission
URLs, injecting code,

- Read or write DOM structures that were not fully initialized,
prompting memory corruption and browser crash.

This is tested on MSIE6 and MSIE7, fully patched.

2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=382686 [May 30]

Javascript can be used to inject malicious code, including key-snooping
event handlers, on pages that rely on IFRAMEs to display contents or
store state data / communicate with the server.

This is related to a less severe variant independently reported by
Ronen Zilberman two weeks earlier (bug 381300).

3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consensual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=376473 [Apr 04]

A sequence of blur/focus operations can be used to bypass delay timers
implemented on certain Firefox confirmation dialogs, possibly enabling
the attacker to download or run files without user's knowledge or
consent.

3) Title : MSIE6 URL bar spoofing (MEDIUM)
Impact : mimicking an arbitrary site, possibly including SSL data
Demo : http://lcamtuf.coredump.cx/ietrap2/

MSIE6 vulnerability, similar but unrelated to my earlier onUnload
entrapment flaw, allows sites to spoof URL bar data.

MSIE7 is not affected because of certain high-level changes in the
browser.


