 Opera, Firefox Bug Could Reveal Web Travels |
|
|
|
|
  |
 Feb 18 2008, 07:46 PM
Post
#1
|
|
|
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3  Group: [HOSTED] Posts: 6,315 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218   |
OH NO!!! (sarcasm there)
QUOTE A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited. The problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an advisory written by Gynvael Coldwind of Vexillium.org, who posted a video illustrating the problem. A malicious bitmap file can be created that pulls other information from the browsers' memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said. "The harvested data contains various information including parts of other Web sites, users' favorites and history and other information," Vexillium.org said. Using the "canvas" HTML (Hypertext Markup Language) tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server. The flaw could also crash Firefox. The vulnerability affects Firefox 2.0.0.11 and previous versions of that browser as well as the beta version of Opera 9.50. Although kind of out of date in the sense with firefox since everyone should have upgrade to 2.0.12 by now, but of course I am surprise people would still be working in bitmap files after all this time though; I guess they are still used to this day still. Although stealing information and baiting people with images is a pretty old technique in the computer underground, and so I wouldn't be surprise if people still fell for this one. Since it is rarely used these days. SOURCE This post has been edited by Saint_Michael: Feb 18 2008, 07:47 PM |
 |
 
|
|
Similar Topics
|
Lo-Fi Version | Time is now: 27th July 2008 - 01:52 AM |