Internet Explorer and Firefox suffers from a new zero day flaw

Internet Explorer and Firefox suffers from a new zero day flaw

More security flaws have been discovered. This time it affects both Internet Explorer and Mozilla Firefox web browsers.

Security organizations have warned that users of IE and Mozilla applications (Firefox, Seamonkey, Mozilla Suite) are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information.

Since the problem is related to the JavaScript engine, it affects the browsers on all the platforms. Symantec said in a statement on this bug: “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users.”

It added: “Exploiting this issue requires that users manually type the full path of files that attackers wish to download…[and] may require substantial typing from targeted users, so keyboard-based games, blogs, or other similar pages are likely to be utilized by attackers to entice users to enter the required keyboard input to exploit this issue.”

Secunia has ranked this bug as “less critical” as the bug requires a lot of user interactivity to work.

Leave a Reply