If this page does not print out automatically, select Print from the File menu.

Security hole hits Internet Explorer and Firefox

JavaScript flaw opens door to credit card thieves

Tom Sanders in California, vnunet.com 07 Jun 2006

Microsoft's Internet Explorer and Mozilla's Firefox are both vulnerable to a new JavaScript flaw that could allow attackers to steal confidential information.

The flaw affects fully patched browsers on Windows, Linux and Mac systems, according to a posting on the Full Disclosure security mailing list.

The issue is caused by the 'OnKeyDown' JavaScript feature that allows websites to capture and duplicate keystrokes entered into data fields, including fields where users enter credit card information.

Security experts noted that exploiting the flaw would require the user to type a fair amount of text. Attackers would therefore most likely target online games or blogs.

Security website Secunia rated the flaw 'less critical' for Internet Explorer and Firefox.

Although the flaw requires a sophisticated attacker to effectively exploit it, it is noteworthy because it spans multiple operating systems and browser vendors.

The SANS Internet Storm Centre warned users to be cautious in allowing JavaScript to run.

Permalink: http://www.pcw.co.uk/2157754

www.pcw.co.uk/2157754

This article was printed from the Personal Computer World web site
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

Close this window to return to the website