http://news.com.com/Security+expert+dubs+July+the+Month+of+browser+bugs/2100-1002_3-6090959.html By Greg Sandoval Staff Writer, CNET News.com July 5, 2006 Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers. HD Moore, the creator of Metasploit Framework, a tool that helps test whether a system is safe from intrusion, has dubbed July the Month of Browser Bugs. Already, the security researcher has featured five security flaws, three for Microsoft's Internet Explorer and one apiece for Mozilla's Firefox and Apple Computer's Safari. Moore noted that one of the IE bugs appeared to have been recently patched. "This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure," Moore said on his blog. "The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution." Browser security holes are nothing new, but Moore's repository of flaws shines a light on the problem. Moore says on his site that he reported two of the IE bugs to Microsoft last March. Microsoft acknowledged that it had been in contact with Moore but downplayed the seriousness of the flaws Moore is publicizing. "(Microsoft's) investigation has revealed that most issues relating to Internet Explorer in particular will result in the browser closing unexpectedly," the company said in an e-mail statement. Moore doesn't indicate how many of his published vulnerabilities are critical, but security company Secunia has rated one of the flaws, which Moore calls Internet.HHCtrl Image Property, as highly critical. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jul 05 2006 - 23:06:52 PDT