Next Page >>
Internet browser
From your paper:
>>It is noteworthy that it has taken 19 months since the initial general
availability of IE7 (public release October 2006) to reach 52.5%
proliferation amongst users that navigate the Internet with Microsoft's
Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
Could this be due to the fact that Mozilla stops supporting, and issuing
updates for old versions just a few months after the release of a new
one?
1. XSS 1
A HTTP GET request against the following URL will, on a web browser
with Javascript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view
Hi List,
For the last 18 month we analyzed the daily USER-AGENT data collected by
Google's Web search and application servers around the world to study how users
patch and update their Web browsers.
We came out that approximately 637 million (or 45.2 percent) users currently
surf the Web on a daily basis with an out-of-date browser – i.e. not running a
current, fully patched Web browser version.
> From your paper:
>
>>>It is noteworthy that it has taken 19 months since the initial general
> availability of IE7 (public release October 2006) to reach 52.5%
> proliferation amongst users that navigate the Internet with Microsoft's
> Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
>
> Could this be due to the fact that Mozilla stops supporting, and issuing
> updates for old versions just a few months after the release of a new
> one?
- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website
- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser
- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user credentials or exploit a
vulnerability (i.e.: buffer overflow) on the
A reply from Robert Hensing at Microsoft
(http://blogs.technet.com/robert_hensing/archive/2008/07/01/vulnerable-w
eb-browser-study-full-of-fail.aspx) says that your study did not include
minor version information for Internet Explorer, probably because such
information is not reported in the user-agent string. But fully-patched
copies of IE5 and IE6 are not insecure in the same way as an unsupported
version; Microsoft is still supporting them.
So is it true that your study calls anyone running IE7 secure, and
anyone running IE5 or IE6 insecure, regardless of their patch levels?
Summary:
Multiple vulnerabilities in Firefox and Xulrunner
Software Description:
- firefox: safe and easy web browser from Mozilla
- xulrunner-1.9.2: XUL + XPCOM application runner
- firefox-3.5: safe and easy web browser from Mozilla
- firefox-3.0: safe and easy web browser from Mozilla
Details:
- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website
- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser
- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user credentials or exploit a
vulnerability (i.e.: buffer overflow) on the victim's web browser in
order to compromise the victim's workstation
======================================================================
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
Introduction:
=============
Each iGuard Biometric / Smart Card Security Appliance has a built-in Web Server enables all the computers in the corporate
network to directly simultaneously access the device using any Internet Browser, such as Microsoft Internet Explorer Netscape
Navigator. Different computer platforms such as Apple Macintosh, Microsoft Windows Linux machines can access the device. No
additional software is required. So whether you are in an airport lounge or a hotel room, you can always check if your employees
are already in the office or not, and you can even control, modify or disable their access rights to your office remotely via
internet connection provided your iGuard Biometric / Smart Card Security Appliance is connected to an external IP address or
your network is available through a VPN connection that is reachable from your location.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Chrome Password Manager Cross Origin Weakness
Release Date: 2010-02-15
Application: Google Chrome Web Browser
Versions: 4.0.249.78, 3.0.195.38, and likely earlier
Severity: Medium/Low
Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
Vendor Status: Update Released [2]
CVE Candidate: CVE-2010-0556
QuickTime is prone to a heap overflow vulnerability when parsing
malformed Panorama Sample Atoms, which are used in QuickTime Virtual
Reality
Movies. This Vulnerability allows attackers to execute code on
vulnerable installations. Successful exploitation via Web Browser
requires that the
attacker should trick the user into visiting a specially crafted webpage.
Affected versions :
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 20, 2011
I. BACKGROUND
Safari is Apple's web browser, and is based on the open source WebKit
browser engine. MobileSafari is Safari for Apple's mobile devices
including the iPad and iPhone. For more information, see the vendor's
site found at the following link.
http://www.apple.com/safari/
III. ANALYSIS
Successful exploitation allows an attacker to execute arbitrary code in
the context of the current user. Social engineering is required, as an
attacker must trick a user into viewing an image in the Web Browser,
viewing an e-mail with embedded image, opening an office file with
embbeded image, or downloading an image file and opening it within a
graphics rendering program.
IV. DETECTION
- Gallery -- begins to scan all images in phone memory and card, and
crashes soon, obviously when it encounters nokiacrash.jpg. So, just
putting this file anywhere in the filesystem is Gallery DoS.
- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
Settings->Page->Load Content have to be set to "Images" or "All",
otherwise IMG tags are skipped).
_________________________________________
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, visit following URL.
http://www.microsoft.com/ie/
found, this file will be executed. Normally this will result in a
command shell. The path name can be set to anything that is supported by
Windows, including UNC names (i.e.
\\servername\sharename\executable.exe) but also URLs (i.e.
http://www.akitasecurity.nl/advisory/RunCalc.exe). For URLs, Outlook
will open the default web browser. For other types of URIs, the
registered protocol handler determines how the supplied URI is opened
and by which application.
------------------------------------------------------------------------
Attachment file names
Method 1:
The updates are available for download using the following procedures:
1. Open a web browser and visit http://www.hp.com
2. In the Search field, type the applicable SoftPaq number from the list below. Start the search.
3. Select an item from the search results.
Novell iManager is a Web-based administration console that provides
customized secure access to network administration utilities and
content from any location in the world. With iManager you can manage
Novell Open Enterprise Server, Novell Identity Manager, Novell
eDirectory and many other Novell and third-party services from a web
browser. Novell iManager is prone to a stack-based buffer overflow
vulnerability that can be exploited by authenticated users to execute
arbitrary code, and to an off-by-one error that can be abused by
remote, unauthenticated attackers to cause a Denial of Service to the
application.
Advisory URL: http://www.toucan-system.com/advisories/tssa-2011-02.txt
--[ Introduction:
Opera is a web browser having a market share of about 2,74%
following http://en.wikipedia.org/wiki/Usage_share_of_web_browsers .
Following the vendor, it runs on "Mac, PC and Linux computers, mobile
phones and PDAs, game consoles, and other devices like the
Nintendo Wii, DS, Sony Mylo, and more."
pre-deployed, the client software is installed and run like any other
application.
When the Cisco AnyConnect Secure Mobility Client is deployed from the
VPN headend, an SSL connection is initiated to the VPN headend using
a web browser. After the user logs in, the browser displays a portal
window and when the user clicks the "Start AnyConnect" link, the
process of downloading the Cisco AnyConnect Secure Mobility Client
begins. This action causes the browser to first download a "helper"
application that aids in downloading and executing the actual Cisco
AnyConnect Secure Mobility Client. The helper application is a Java
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010
> "[..]it's counterproductive to bash Firefox.[..]"
I have no intension of bashing Firefox. However, in
my opinion, such link obfuscation touches effectively
every man in the street, and a web browser should tackle
a problem in a different way. (differnt treatment of
misguiding URL elements, problem of direct linking, etc.)
# W3C Amaya 10.1 Web Browser
#
# Amaya (id) Remote Stack Overflow Vulnerability
#
# Written and discovered by:
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/41/
# ------------------------------------------------------
#
http://www.scip.ch/?vuldb.4020
I. INTRODUCTION
Check Point Connectra is a so-called SSL-VPN solution, which allows
users to access a remote system using a regular web browser.
More information is available on the official product web site at the
following URL[1]:
http://www.checkpoint.com/products/connectra/index.html
Method 1:
The updates are available for download using the following procedures:
1. Open a web browser and visit http://www.hp.com
2. In the Search field, type the applicable SoftPaq number from the list below. Start the search.
3. Select an item from the search results.
I'll demonstrate how to get administrator rights even
if the victim has a protection against XSS (NoScript
Firefox plugin for example). First, the attacker will
fix the victim's session id by setting a cookie to
the victim. Then he'll also force the victim's web
browser to establish a connexion to a script that
will get the victim's IP. Take a look at this schema:
+----------------------------------------------------------+
| The attacker post a comment using the XSS vulnerability. |
| The code which will be executed on the client browser |
# W3C Amaya 10.1 Web Browser
#
# Amaya (URL Bar) Remote Stack Overflow Vulnerability
#
# Written and discovered by:
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/40/
# ------------------------------------------------------
#
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. and included as part of Microsoft Windows since 1995. The
setExpression method is commonly used to assign a JavaScript expression
to a CSS or DHTML object within a web page. For more information, visit
the following URLs.
Next Page>>
|
