Two new security flaws have been discovered in
Microsoft's Internet Explorer browser, and one of them may also
affect its open source rival, Firefox.
Exploit code for the flaws had already been published on the
internet, said the SANS Internet Storm Center security research
website, although it added that so far no attacks had been launched
using this code.
Attackers can take advantage of the IE and Firefox flaw by using
cross-site scripting. The technique enables hackers to view the
contents of an open window from a second window open on the user's
system. The data can then be stolen.
The number of security flaws that affect both IE and Firefox is
slowly rising, as Firefox gains in popularity.
Rogue code writers see Firefox as an increasingly attractive
target now that it has more than 10% market share. IE has around
85% of the browser market
The second IE flaw is related to the way certain applications
are processed. A user could be tricked into double-clicking on a
malicious file, and remote code executed by remote attackers, who
could take over the system.
Both Microsoft and Mozilla Foundation are considering issuing
patches for the reported problems.