Category: Security

WebKit Vulnerabilities Fixed

By | June 11, 2009 | 0 Comments

WebKit Vulnerabilities FixedThe latest Chrome version 2.0.172.31 and Safari 4.0 has fixed one of the vulnerabilities which was exploited in WebKit earlier this month.

As H Online describes: A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability.

Thanks to mabdul for sending this.

Weekly Browsers Recap, May 18th

By | May 18, 2009 | 0 Comments

Weekly Browsers Recap, May 18th

Mac OS X 10.5.7 Update

By | May 13, 2009 | 0 Comments

Mac OS X 10.5.7 UpdateThe latest Mac OS X 10.5.7 update resolves few security issues for both, Safari 4 and 3.2.3 web browsers.

To get more details, please visit the following:

About the Safari 4 Public Beta Security Update
About the security content of Safari 3.2.3

Weekly Browsers Recap, May 11th

By | May 11, 2009 | 0 Comments

Weekly Browsers Recap, May 11th

Firefox – Browser with the Most Disclosed Vulnerabilities

By | April 15, 2009 | 14 Comments

From .PDF (download)

“This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins. Continue Reading

Phishing with Images Containing Hidden Code

By | April 7, 2009 | 2 Comments

H-Online writes:

“Arbor Networks, which specialises in combating distributed denial of service (DDoS) attacks, reports on it’s blog that a named web site is actively exploiting Internet Explorer’s MIME-sniffing problem to create phishing attacks. The perpetrators send email containing a supposedly harmless link that seemingly leads to a JPEG image, but the photo contains hidden HTML and JavaScript code that displays a fake eBay login page. While Firefox and Safari return an error message when loading the image, Internet Explorer executes the code.”

Continue reading at h online

Thanks to mabdul for a link.

Weekly Browsers Recap, March 30th

By | March 30, 2009 | 0 Comments

Web Browsers Protection against Socially Engineered Malware

By | March 26, 2009 | 14 Comments

Now this is something new. According to NSSLabs, over 50% of malware infections occur via internet download. In the recent study they have tested 6 most popular web browsers to see how well they protect surfer against web based malware.

Effectiveness results (more is better)

Internet Explorer 8 (RC1) – 69%
Firefox 3.07 – 30% Continue Reading

Pwn2Own: Hacker Exploits IE8, Firefox, Safari

By | March 19, 2009 | 8 Comments

From ZDNet

“He won a cash prize and got to keep the hardware. Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!” are being kept under wraps.

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.”

In case you are interested, Mac was hacked in 10 seconds.

Nothing about Opera or Chrome yet.

[digg-reddit-me]

eBay Scammers Work Unpatched Vulns in Firefox, IE

By | March 10, 2009 | 0 Comments

From TheRegister:

“eBay scammers have been exploiting unpatched vulnerabilities in the Firefox and Internet Explorer browsers to deliver counterfeit pages that try to dupe people surfing the online auction house to bid on fraudulent listings.”

Continue reading at The Register