A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited.
The problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an advisory written by Gynvael Coldwind of Vexillium.org, who posted a video illustrating the problem.
A malicious bitmap file can be created that pulls other information from the browsers' memory. Some of the captured information is random, but at other times it could be valuable, the advisory said.
"The harvested data contains various information including parts of other Web sites, users' favorites and history and other information," Vexillium.org said.
Using the "canvas" HTML (Hypertext Markup Language) tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server.
The flaw could also crash Firefox. The vulnerability affects Firefox 2.0.0.11 and previous versions of that browser as well as the beta version of Opera 9.50.
Comments (1)
RE: Opera, Firefox bug could export users' Web history
By Anonymous on February 22, 2008, 6:40 am
IE affected?