IE 7 Less Vulnerable than Firefox 2?

According to reports, Mozilla Firefox 2 and Microsoft Internet Explorer 7 (IE) are both vulnerable to a bug that steals the login-id and password of users, with the help of a fake log-in page.

The bug has been dubbed as "Reverse Cross Site Request vulnerability" (RCSR) by Robert Chapin, who first discovered the flaw.

Reportedly, the attack was first carried out from a profile page using a specially crafted HTML that hides the genuine MySpace content from the page, and displays the fake login page instead. The fake page is then sent to another Web site, along with information regarding MySpace users who visited the page using Firefox.

The attacks seen on My Space.com are likely to move on to Firefox as well because the Firefox Password Manager automatically enters any saved passwords and user-id/s into the form, whereas IE is not capable of filling in the saved information automatically.

Therefore, Firefox is more likely to get affected by the flaw, as compared to IE.

According to Chapin, users of both Firefox and IE need to be aware that their information can be stolen in this way when visiting blog and forum Web sites at trusted addresses as well. Further, an RCSR attack is more likely to succeed than an XSS attack because neither IE nor Firefox are designed to check the destination of form data before the user submits them.

Moreover, the browser doesn't indicate the exploitation as it is conducted on a trusted Web site.

As of now, no fix has been issued by Mozilla, and it's not very clear if the other versions of Firefox are also affected by the flaw. Users have been advised to disable the "Remember passwords for sites" from the preference link in Firefox.

Additionally, these attacks could also be highly effective against firewall of local network servers and HTTPS addresses that are not otherwise accessible because the attacker does not need direct access.

Source: [link=http://www.techtree.com/India/News/IE_7_Less_Vulnerable_than_Firefox_2/551-77396-643.html]Techtree News[/link]

 

well i'm so paranoid, i never let FF remember passwords, or even check "Remember Me" on any site, i always enter my username & password, am i still vunerable ?

 

tbh I ve not read that article yet but I have read one saying there is a patch for the apache server, which is the source of the vulnerability.

Expect Header Cross-Site Scripting Vulnerability Test - Secunia

If I understand the simple instructions correctly both this site and one of mine which I just tested is safe with firefox but not with IE! Ive only got IE6 btw.

 

have no idea myt!...I jst saw this acticle in google news section so posted hea, thought could be interesting for some guyz...

 

yer plank karan, you had me worried then, i see your still claiming to be from India

BTW: i'm still thick, but i'm no longer a multi-boot virgin,
i've got

• Kubuntu
• Mandy
• Vector

BTW: just a thought, can a linux / exist on an logical partition, basically can you hav more than 3 installs of linux per HDD (obvously 3 primary partitions and an extended containing 1 or more logical partitions, for common data e.g. emails)

 

I dnt knw coz i've never done this nd also i m also thick with linux stuff...
[ot]just out of curiousity, y do you wants to install so many OS's on your PC? Do u even get this much tym so that you can use all of them??[/ot]

 

why ? ? ?,

to see if i can, of course,
i think i can create a 15 OS multiboot, but i dont want to be just restricted to 15 OS's (4 per HDD exept 1 HDD which would have 3 OS's and 1 logical partition in an extended partition for and a swap partition common data (emails & stuff)

BTW: i'm serious

 

Y dont u jst install two OS on your PC and all other on virtual machine? With that, u dont have to install all the things like audio codecs etc...again and again. Also u dont have to log out from one system to work in another system.......I mean thea are heaps of usefull points if u go like that way...
I've said two so that if smthing goes wrong with one system, you can still use the another system to recover d data or emergency purpose...

 

cos ive being there, done that, besides that would be too easy

my sound card doesn't work anyway

isn't that why Live CD / DVD where invented, still only using 3 OS's (got to do something about that)[ot]i'm not called donkey for nothing[/ot]

 

I think i am lucky in this coz my sound card jst work with simple ubuntu installation....I dnt even have to worry about the drivers or anything....

[ot]

look at this whole page again and tell me whoz calling u donkey xpt urself??????
[/ot]

 

let me clarify, my sound card does work (when plugged in) it's just: i have my sound going into a powerful amplifier and some crappy hifi speakers) the problem is: the amp is way too powerful for the speakers i'm using (extreamly bass-ey) so i never switch the amp on

thats why my sound doesn't work

[ot]yeah i know, but i'm still thick and a donkey with a load of stuff, well not thick, if someone doesn't know something those people are said to be thick, but it's not there fault they don't know something - god im talking crap - just ignore me, when i start babbling like that, of tell me to shut the :swear: up[ot]yes i can babble on about nothing, LOL[/ot]

 

hahahahaha!......... lol dats true! nd i knw that u are also not able to lower the sound volume down...n bass also! its hard ae!:doh:

no no, it makes sense to me.......u cn continue!

 

you are a masakist, like me, us masakits should stick together (cos not many people can figure us out)[ot]don't know why i changed the colour, cos i'm colour blind, and i used to be a sparkey (electric-ish-on)[/ot]

 

I am not a.....:sniper:..........masakist
btw, wat does it mean????(again this word is not in the dictionary)

[ot]

Which color u've changed? I cant see any change in my monitor colorshah:[/ot]

 

i'm a plank, my spellings getting worse:doh: , i meant "masochist"

the word masakist is red, so is this

 

U r a lier....i cn see only black.....:doh:

 

well it all looks the same to me too, but this post is a load of different colours, can you see them ?

[ot]now i'm taking the piss[/ot]

 

Oye! I think I've got color extraness......i cn see so many colors...hah:

[ot]Friendship ist like pissing in your pants. Everyone can see it, but only you can feel its true warmth[/ot]

 

[ot]well that beats die-or-ear (at least when it comes to cleaning it up)[/ot]

 

[ot]

I didnt understand what is die-or-ear.....does it mean that smell-nd-die??hah:
[/ot]