Firefox and IE hit by security bugs
A researcher has discovered a security problem in web browsers that could allow hackers to read stored files on a victim’s hard drive.
Michal Zalewski posted details of the flaws, which could steal people’s data via a malicious website, on security mailing list Bugtraq. The flaw was discovered to affect both IE and Firefox.
‘Unfortunately, there are some problems that allow users’ keyboard input in unrelated locations to be selectively, transparently redirected to these input fields, and hence affect file selection to attacker’s liking,’ said Zalewski in his posting.
He said that even though some browsers try to prevent file field hiding, it can be easily stowed off-screen at negative window coordinates.
‘Once all letters necessary to reconstruct a target filename were entered by the victim as a part of a larger, unrelated body of text, the script can automatically submit the entire form, including victim’s sensitive files,’ he said.
He said that the flaw operates in both browsers through slightly different means, but admitted that the flaws need a significant amount of user interaction to be effective.
‘Any website where the user can be reasonably expected to enter some text (a keyboard-controlled web game, a blog posting or commenting interface, a web chat, or a captcha) can attempt to exploit the vulnerability, and eventually succeed with one user or another,’ said Zalewski.
Another flaw in Firefox could allow hackers to change a user’s cookie which in turn could affect how another website is displayed.
Microsoft said in a statement that its investigations revealed that an attacker could gain access to user files if the location of a given file is already known.
‘In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker’s webpage through social engineering,’ a company spokesperson said. ‘Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers.’