U-S Cert Vulnerability Advisories

[Guest Dan]

I thought I would post the security advisories here for those of us using

Internet Explorer since many of us dual-boot with Windows XP. It is nice

that Mozilla Firefox vulnerabilities have been addressed with the newest

version but it looks like it is time for Microsoft to have security updates

with Internet Explorer.

 

 

http://www.us-cert.gov/cas/bulletins/SB08-189.html

 

Microsoft -- Internet Explorer

 

Cross-domain vulnerability in Microsoft Internet Explorer 6 allows remote

attackers to access restricted information from other domains via JavaScript

that uses the Object data type for the value of a (1) location or (2)

location.href property.

 

unknown

2008-06-30

6.8 CVE-2008-2947

OTHER-REF

OTHER-REF

CERT-VN

BID

XF

 

Microsoft -- Internet Explorer

 

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows

remote attackers to change the location property of a frame via the Object

data type, and use a frame from a different domain to observe

domain-independent events, as demonstrated by observing onkeydown events with

caballero-listener.

 

unknown

2008-06-30

6.8 CVE-2008-2948

OTHER-REF

OTHER-REF

OTHER-REF

OTHER-REF

CERT-VN

 

Microsoft -- Internet Explorer

 

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows

remote attackers to change the location property of a frame via the String

data type, and use a frame from a different domain to observe

domain-independent events, as demonstrated by observing onkeydown events with

caballero-listener.

 

unknown

2008-06-30

6.8 CVE-2008-2949

OTHER-REF

OTHER-REF

OTHER-REF

CERT-VN