
But guess which browser's hole is "highly critical"?
By Joris Evers
Published: 26 April 2006 08:45 GMT
Newly disclosed, unpatched flaws in three browsers could make the web a more dangerous place to surf, security experts have warned.
Security researchers published details of the bugs in Microsoft's Internet Explorer, Mozilla's Firefox and Apple's Safari to security mailing lists over the weekend. The Firefox and Safari bugs could cause the browsers to crash, while the IE hole could be exploited to hijack a vulnerable Windows computer, Secunia said in advisories on its website.
The security monitoring company deems the IE flaw, reported by bug hunter Michal Zalewski, "highly critical". The problem has been confirmed on version 6 of the popular software but could also affect other versions, the company said. The vulnerability lies in the way IE processes HTML tags. An attacker could exploit the bug by crafting a malicious website, Secunia said.
The alerts come just days after security researcher Tom Ferris reported several unpatched holes in Apple software including Safari. And, earlier this month, Microsoft issued a patch for IE to plug 10 holes, most of which it called "critical".
Microsoft is investigating the newly disclosed vulnerability and believes it is not as serious as Secunia claims, the software maker said in an emailed statement on Tuesday. It said: "Our initial investigation has revealed that the issues described would most likely result in the browser closing unexpectedly or failing to respond."
Symantec also said the IE flaw could be exploited to run malicious code on a vulnerable PC. However, this has not been confirmed, the security specialist said in a note to subscribers of its DeepSight service. Symantec said: "Exploit attempts likely result in crashing the affected application."
Secunia rates the Firefox and Safari problems as "not critical". A miscreant could crash either browser by crafting a malicious website, it said, noting that both programs are flawed in the way they handle certain data.
Safari version 2.0.3 has been confirmed as vulnerable, and other versions may also be affected, Secunia said. Firefox 1.5.0.2, the most recent version, is flawed and earlier versions may also be, according to Secunia's advisory. Apple and Mozilla did not immediately respond to requests for comment.
Because fixes are not available for any of the security holes, Secunia recommends not browsing untrusted websites to avoid the problem.
Joris Evers writes for CNET News.com
Copyright © 2008 CBS Interactive Limited. All rights reserved.