Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Cross-browser vulnerability

Cross-browser vulnerability

by Nikola Strahija on June 7th, 2006 A bug was discovered some time ago that uses flaws in Active Scripting or Javascript to trick users of Mozilla Firefox and Microsoft Internet Explorer into uploading files.


Almost a year ago Charles McAuley, security researcher, discovered this flaw, and informed the companies about it. A few days ago he published proof-of-concept for these flaws.

The vulnerability employs poor design in those browsers which allows a script to cancel certain keystroke events when users are entering text.

This can lead to upload of sensitive material, unwillingly. No patches were issued yet, the only workaround is to disable the aforementioned scripting options in browsers.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »