http://www.theregister.co.uk/2004/10/21 ... wser_bugs/
By John Leyden
Published Thursday 21st October 2004 11:41 GMT
"Users of IE, Firefox, Opera, Safari and Konqueror all need to patch their browsers or implement workarounds this week following the release of a "full house" of internet client bug reports.
The most serious risk comes from a brace of IE security bugs which could be exploited to take over victim's systems. One of the vulns, a security zone restriction error, can bypass a security feature in Microsoft Windows XP SP2, Secunia reports. Even fully patched system with IE 6.0 and Microsoft Windows XP SP2 are vulnerable. Secunia advises users to disable active scripting as a precaution against attack. The vulnerabilities were independently discovered by Andreas Sandblad of Secunia Research and grey-hat hacker http-equiv.
Separately Secunia Research discovered a vulnerability in various browsers (Firefox, Opera, Safari and Konqueror) that might be exploited by malicious websites to spoof dialog boxes. The "moderately critical" bug could be used to trick users into handing over information to untrusted sites although exploitation is far from trivial. "Successful exploitation would normally require that a user is tricked into opening a link from a malicious website to a trusted website in a new tab," Secunia explains. A test is available here."