Els usuaris de Internet Explorer s’han llevat amb 4 noves vulnerabilitats crítiques per al seu navegador:
- It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.
- Malicious sites can trick users into performing actions like drag’n’drop or click on a resource without their knowledge.
- It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.
- It is possible to place arbitrary content above any other window and dialog box using the “Window.createPopup()” function. This can be exploited to “alter” the appearance of dialog boxes and other windows.
El que més m’ha agradat de l’anunci de Secunia és la solució a les vulnerabilitats:
Solution:
Disable Active Scripting.Use another product.
Personalment ja fa temps que tinc aquests forats solventats, he triat Use another product