Valery
Mon Sep 08 17:41:56 CDT 2008
I don't get why you have started to talk about vulnerabilities in browsers,
when the article was about CSRF...
Yes, these vulnerabilities are nasty, but not worse than SQL injection or
remote/local file including...
No, The Register is not right about the nonexistence of a CSRF/XSS worm. Try
to google for XSS worm...
I liked the idea of separate browsers :))) had a lot of fun :) You can also
use separate computers (which are connected to each other) to access
Internet and local network :)
>In addition, IE 7 suffers from vulnerabilities that include system access
>from remote hacking which really is bad.
Currently there are no publicly known unpatched "vulnerabilities that
include system access from remote hacking" in both IE 6 and 7, Firefox or
Opera.
--
BR,
Valery Marchuk
"Dan" <Dan@discussions.microsoft.com> wrote in message
news:36946EC8-AC56-4B70-96DF-368A2A948477@microsoft.com...
> Yes, Dave these are indeed problematic. Apparently, the browsers affected
> include Internet Explorer 6 and Mozilla Firefox 2. In addition, IE 7 suffers
> from vulnerabilities that include system access from remote hacking which
> really is bad.
>
>
> Here is a secunia.com warning showing it affects a fully updated IE 6
>
> http://secunia.com/advisories/30857/
>
> and one in a fully updated Internet Explorer 7
>
> http://secunia.com/advisories/24314/
>
> and don't forget about this one in IE 7 that allows for system access
>
> http://secunia.com/advisories/30851/
>
> last updated July 9, 2008 -- let us all get with the program here folks
>
> here is one from a fully updated Firefox 2.x
>
> http://secunia.com/advisories/27907/
>
> Mozilla Firefox 3 takes it up a notch with all 3 current vulnerabilities
> patched but if you want to use Mozilla Firefox 2 add-ons that my dad, Ivan
> really enjoys then for now you are stuck with using Mozilla Firefox 2 because
> many of the good add-ons do not yet support Mozilla Firefox 3. Thus, this all
> leads to trade-offs and balances between external security of Vista,
> internal safety of 98 Second Edition and using open source technologies to
> help maintain a safety and security balance. Finally, Ubuntu Linux comes
> into play as being very safe and secure but the compatibility is still
> lacking for many users so this must be taken into account as well but if you
> want an operating system that is great for emailing and web surfing then
> Ubuntu Linux should be your number 1 choice.
>
>
> "~BD~" wrote:
>
>> Quote:-
>> "Taken alone, CSRF attacks are simple and powerful. However, most attackers
>> use CSRF and cross-site scripting (XSS) in conjunction. Together, these two
>> techniques allow attackers to invade a victim's browser and execute
>> malicious programs using the credentials of site the user is logged into.
>>
>> This combination is devastating, and I'm frankly surprised that a
>> cross-application CSRF-XSS worm hasn't already been developed"
>>
>> Full article here:-
>>
>> http://www.theregister.co.uk/2008/08/29/hijacked_browser/
>>
>> Dave