IE7 & FF vulnerability disclosed

[Anusha]

Details of a Javascript "onUnload" event being mishandled by FF and IE7 have been released:

Although Mozilla Corp. patched one more Firefox bug last week than first reported, the researcher whose work has plagued the open-source browser for weeks has released details about another flaw.

Firefox does not properly handle JavaScript "onUnload" events and can be tricked into taking the user to an unintended destination, said security researcher Michal Zalewski. "This flaw allows the attacker to track your footsteps and either redirect you to the URL you wanted to visit, which wouldn't be noticed at all, or to a similarly named phishing Web site when you choose to visit a target of some significance," Zalewski said.

The bug affects the just-released Firefox 2.0.0.2 and 1.5.0.10 updates, as well as Microsoft's Internet Explorer 7. JavaScript can be disabled in the browsers to block such redirects.

"The big difference in the two browsers is that Firefox 2.0.0.2 displays the correct address for the redirected site in the address bar," Symantec Corp. said in a warning today. "IE7, however, continues to display the URL that the user typed into the address bar, leading to a false sense of security."

Full article at ComputerWorld

 

[Novindu]

hmmmmm 2 bad ha???? cmon man use opera

 

[Anusha]

hmmmmm 2 bad ha???? cmon man use opera

No way! Opera sux!

 

[Novindu]

No way! Opera sux!

u'll come i kno

 

[shan542]

hi,, nice to meet u

 

[Novindu]

hi,, nice to meet u

nice ta meet u 2

 

[sridanu]

hmmm. even with these flaws im sticking to firefox

No one Cant be perfect now can u

 

[prasadana2]

i use 3
Firefox 2...
IE 7
Opera

 

[Anusha]

u'll come i kno

Wanna bet?

 

[life]

hmmm. even with these flaws im sticking to firefox

No one Cant be perfect now can u

Yes! Firefox is the relatively best browser

 

[Anusha]

In Opera, AI Roboform doesn't work. This is more than enough for me not to use Opera.