July will be 'month of browser bugs'

Satdude

Registered
Messages
3,622
July will be 'month of browser bugs'

A security expert has predicted that a new browser vulnerability will be announced every day this month

Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers.

HD Moore, the creator of Metasploit Framework, a tool that helps test whether a system is safe from intrusion, has dubbed July the Month of Browser Bugs. Already, the security researcher has featured five security flaws, three for Microsoft's Internet Explorer and one apiece for Mozilla's Firefox and Apple's Safari.

Moore noted that one of the IE bugs appeared to have been recently patched.

"This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure," Moore said on his blog. "The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution."

Browser security holes are nothing new, but Moore's repository of flaws shines a light on the problem.

Moore says on his site that he reported two of the IE bugs to Microsoft last March. Microsoft acknowledged that it had been in contact with Moore but downplayed the seriousness of the flaws Moore is publicising.

"(Microsoft's) investigation has revealed that most issues relating to Internet Explorer in particular will result in the browser closing unexpectedly," the company said in an email statement.

Moore doesn't indicate how many of his published vulnerabilities are critical, but security company Secunia has rated one of the flaws, which Moore calls Internet.HHCtrl Image Property, as highly critical.

Regards Satdude. :D
 
Top