The US Computer Emergency Response Team (US-Cert) said that the flaw lies in the way the browser handles attempted cross-site scripting attacks.
When code is embedded within a specially crafted HTML document, the security protections will not function properly, leaving the user open to attack.
US-Cert believes that an attacker could execute a cross-domain scripting attack and steal cookies and security credentials without any warning to the user.
McAfee researcher Yichong Lin explained that the vulnerability was first disclosed in a Chinese security publication known as Pstzine.
Lin noted that a similar concept, known as Ghost Pages, has previously been discussed by researchers.
While there is no currently available fix for the vulnerability, Firefox and Internet Explorer 7 are protected from the attack.
McAfee and US-Cert recommend that IE6 users upgrade to the latest version of the browser to avoid infection. Users who do not wish to upgrade are advised to disable scripting.
_(37).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
Huntress _declassified Virtual Event
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
_(1).jpg&h=140&w=231&c=1&s=0)
