Previous
IE 5.5 Exploit Evades Security Feature
News The "IE 5.5 Cross Frame security vulnerability" uses JavaScript, a Web page scripting language, to bypass security features built into Internet Explorer. Guninski outlines this vulnerability on his Web site where he also provides a demonstration of...
[September 7, 2000, 15:26]
Fortnight Worm Redirects To Porn Sites
News Failure to patch a three-year-old Microsoft vulnerability is leaving home and business users exposed to a JavaScript worm that redirects Internet Explorer to porn sites. A patch for the vulnerability can be found on Microsoft's Web site.
[June 23, 2003, 10:55]
Think Vulnerabilities Only Happen In IE? Think Again
Talkback If the vulnerability is JavaScript then keep it clear and advise users to switch off JavaScript. If the vulnerability is Java then keep it clear and advise users to switch off Java. Do you know the difference between Java and JavaScript?
[April 18, 2005, 8:33]
Second Firefox 2 Bug Discovered
News The vulnerability lies in the way the open-source browser handles JavaScript code. This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week.
[November 2, 2006, 9:50]
Bug Hunters Find 'cookie' Hole In IE
News The potential vulnerability was reported Thursday by Bennett Haselton and Jamie McCarthy on the Peacefire.org Web site. The vulnerability was found in Internet Explorer for Windows 95, 98 and NT, but not in the version of the Microsoft browser for...
[May 12, 2000, 8:39]
Firefox Flaw Made Public
News Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
[April 6, 2005, 9:10]
Hackers: Firefox Has JavaScript Flaw
News The JavaScript issue appears to be a real vulnerability, Window Snyder, Mozilla's security chief, said after watching a video of the presentation Saturday night. I do hope you guys change your minds and decide to report the holes to us and take...
[October 2, 2006, 8:25]
Pop-up Phishing Flaw Found In Major Browsers
News Security firm Secunia has warned that many popular Web browsers contain a vulnerability that could be used by cybercriminals to steal personal data. Krogh also pointed out that Secunia had rated the vulnerability as "less critical".
[June 22, 2005, 14:15]
Hacker Takes Back Firefox Hijack Claim
News A hacker who claimed to have found a serious zero-day bug in Firefox now says he was never able to exploit the supposed vulnerability to hijack computers. In his statement, Spiegelmock wrote that the presentation included "a previously known...
[October 4, 2006, 9:45]
Acrobat Flaw Opens Door To Attack
News This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm," he said. The Adobe vulnerability could spark a rise XSS attacks, Symantec said.
[January 4, 2007, 7:29]
Worms Sing An Ode To Security
News An exploit using music files would rely on a Web browser with a known vulnerability. The vulnerability as described by security experts illustrates the classic trade-off between security and functionality.
[February 27, 2002, 14:13]
Netscape Security Flaw Revealed
News Netscape and RST remained at odds late Tuesday about whether the Javascript vulnerability really existed. If the Javascript vulnerability doesn't exist, a password stealer would have to have physical access to a user's computer to figure out the...
[December 15, 1999, 14:06]
Dangerous Exploit Released For Old IE Hole
News Security researchers said the IE vulnerability has been known for the past six months, but had previously been seen as a conduit for denial-of-service DoS attacks rather than the remote execution of code.
[November 22, 2005, 8:45]
Hundreds Of Sites Infected With Dynamic Malware
News The JavaScript files can infect users with up to a dozen exploits, including an Apple QuickTime Real-Time Streaming Protocol vulnerability, an older Microsoft Data Access Components vulnerability, as well as sophisticated Trojans and rootkits...
[January 18, 2008, 15:58]
Think Vulnerabilities Only Happen In IE? Think Again
Talkback Of course, while you can switch to Firefox to avoid the latest IE vulnerability, you'll then have to deal with the new Firefox vulnerability instead—and it appears to be nearly as dangerous. So, until Mozilla releases a patch, disabling JavaScript...
[April 14, 2005, 18:53]
JavaScript Bug-hunting Tool Revealed
News As expected, SPI Dynamics researcher Billy Hoffman demonstrated a web application vulnerability scanner written in JavaScript. Vulnerabilities in websites could be exploited to inject malicious JavaScript code, which puts users at serious risk, he...
[March 26, 2007, 9:38]
JavaScript Attack Maps Secure Networks
News But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or...
[July 31, 2006, 9:00]
Microsoft And Mozilla Admit 'minor' Security Flaw
News This vulnerability does not allow a malicious attacker to execute code against a user's machine but rather requires significant user interaction that could result in information disclosure," a Microsoft representative said in an e-mailed statement.
[June 9, 2006, 10:45]
Worm Wriggles Through Yahoo Mail Flaw
News It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected. At the time of the advisory, there was no patch for the vulnerability. A new worm that targets Yahoo email users is on the...
[June 13, 2006, 9:25]
Google Mail JavaScript Flaw Patched
News Because the vulnerability was fixed quickly, it likely never was exploited in any attacks, according to Google. We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the...
[March 3, 2006, 8:05]
