New Vulnerabilities Hit Firefox And Internet Explorer

[HardOCP News]

According to this article, security researchers have found four new vulnerabilities in Internet Explorer and Mozilla Firefox. There are no patches yet available from either company.

The most serious is MSIE page update race condition, where users navigating with JavaScript from one page to another page with the same domain experience a window of opportunity for attackers to concurrently execute JavaScript to perform actions with the permissions of the previous page. The next most severe is Firefox Cross-site IFRAME hijacking where an attack against about:blank frames could allow malicious code execution.

 

[drlava]

If these are buffer overflow exploits, shouldn't they be taken care of by the no execute CPU flag?

 

[xX_Jack_Carver_Xx]

Can MSoft ever write a peice of software that DOESN'T have a hole in it?

 

[GJSNeptune]

Can MSoft ever write a peice of software that DOESN'T have a hole in it?

Are you implying that software perfectly secure is even possible?

 

[Cyrilix]

Are you implying that software perfectly secure is even possible?

Yes. I can write you a "Hello World" program that is perfectly secure.