[ISN] Security expert dubs July the 'Month of browser bugs'

InfoSec News isn at c4i.org
Thu Jul 6 01:23:30 EDT 2006


By Greg Sandoval 
Staff Writer, CNET News.com
July 5, 2006

Each day this month, a prominent security expert will highlight a new
vulnerability found in one of the major Internet browsers.

HD Moore, the creator of Metasploit Framework, a tool that helps test
whether a system is safe from intrusion, has dubbed July the Month of
Browser Bugs. Already, the security researcher has featured five
security flaws, three for Microsoft's Internet Explorer and one apiece
for Mozilla's Firefox and Apple Computer's Safari.

Moore noted that one of the IE bugs appeared to have been recently

"This blog will serve as a dumping ground for browser-based security
research and vulnerability disclosure," Moore said on his blog. "The
hacks we publish are carefully chosen to demonstrate a concept without
disclosing a direct path to remote code execution."

Browser security holes are nothing new, but Moore's repository of
flaws shines a light on the problem.

Moore says on his site that he reported two of the IE bugs to
Microsoft last March. Microsoft acknowledged that it had been in
contact with Moore but downplayed the seriousness of the flaws Moore
is publicizing.

"(Microsoft's) investigation has revealed that most issues relating to
Internet Explorer in particular will result in the browser closing
unexpectedly," the company said in an e-mail statement.

Moore doesn't indicate how many of his published vulnerabilities are
critical, but security company Secunia has rated one of the flaws,
which Moore calls Internet.HHCtrl Image Property, as highly critical.

More information about the ISN mailing list