It was a bad weekend for browser security.
Midweek, Microsoft released an early patch for a critical VML bug in Internet Explorer. Then, cyber-badguys started hitting a Windows Shell bug that was vulnerable through Internet Explorer. Fortunately, some third parties have already released bug fixes for that one.
Also, reported in by Joris Evers in CNet’s security blog entry :
The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.
