Researchers find similar unpatched flaw in IE and Firefox


Security researchers have discovered a rare flaw affecting both Firefox and Microsoft Internet Explorer that can allow an attacker to read sensitive files on users' computers with a bit of social engineering.

Reported this week to the Full Disclosure security mailing list and Bugtraq by researcher Michal Zalewski, the vulnerability in Internet Explorer resembles a flaw disclosed by Charles McAuley in June 2006.

“Unfortunately, there are some problems that allow user's keyboard input in unrelated locations to be selectively, transparently redirected to these input fields, and hence affect file selection to an attacker's liking,” he wrote. “Even though some browsers try to prevent file field hiding, it can be easily stowed off screen at negative window coordinates.”
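The pattern Zalewski describes has two visible halves in a page's markup: a file input parked at negative coordinates, and a key-event handler that shifts focus into it. As an added illustration, not part of the original report or of any vendor's code, the following heuristic scanner flags HTML that shows both halves; the sample pages and the regular expressions are constructed for this example.

```python
# Added example, not from the article: a heuristic scanner for the pattern it
# describes (a file input parked at negative coordinates plus a key-event
# handler that shifts focus into it). Constructed samples; not a production tool.
import re
from html.parser import HTMLParser

NEGATIVE_OFFSET = re.compile(r"\b(left|top)\s*:\s*-\d+", re.I)  # e.g. left:-2000px
FOCUS_CALL = re.compile(r"\.focus\s*\(")
KEY_HANDLER_ATTRS = ("onkeypress", "onkeydown", "onkeyup")


class FileInputScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self.offscreen_file_inputs = 0
        self.key_focus_handlers = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "input" and a.get("type", "").lower() == "file":
            style = a.get("style", "")
            if NEGATIVE_OFFSET.search(style):
                self.offscreen_file_inputs += 1
                self.findings.append(f"file input positioned off-screen: {style.strip()}")
        for h in KEY_HANDLER_ATTRS:
            if h in a and FOCUS_CALL.search(a[h]):
                self.key_focus_handlers += 1
                self.findings.append(f"<{tag} {h}> redirects focus: {a[h].strip()}")


def scan(html: str) -> dict:
    """Flag a page only when both halves of the pattern are present."""
    p = FileInputScanner()
    p.feed(html)
    p.close()
    return {
        "findings": p.findings,
        "suspicious": p.offscreen_file_inputs > 0 and p.key_focus_handlers > 0,
    }


# Constructed samples: an ordinary upload form, and a page showing the pattern.
BENIGN_HTML = '<form><input type="file" name="upload"><input type="submit"></form>'
SUSPICIOUS_HTML = """<p>Type the word shown to continue:</p>
<input type="text" onkeypress="document.getElementById('f').focus()">
<input type="file" id="f" style="position:absolute; left:-2000px; top:-2000px">"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(name, scan(page))
```

A plain upload form produces no findings, while a page that combines an off-screen file input with a focus-stealing key handler is flagged on both counts.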

Microsoft acknowledged the vulnerability on Thursday, explaining that it is investigating the matter.

“Microsoft’s initial investigation reveals that an attacker could gain access to user files if the location of a given file is already known. In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker's webpage through social engineering,” a company spokesperson said.

“Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers.”