Zero-Day Hits IE-Firefox Combo
By Lisa Vaas
July 10, 2007
Security researcher Thor Larholm has discovered a zero-day vulnerability that could lead to remote attackers hijacking systems running both Internet Explorer and Firefox.
Larholm is calling this an IE zero day, blaming the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling URL protocols. It's the same type of input validation vulnerability that Larholm discovered in the Safari 3 beta, he said.
Stumble It!
Comments