Serious Javascript Security Bug In Ie


Seb Potter

Peacefire have issued an advisory about a serious new exploit to read any cookie in Internet Explorer.

The bug allows malicious JavaScript to retrieve the content of any cookie stored by IE. Peacefire have several examples, including a scenario in which a website can obtain the user's cookie for Amazon, and somebody could then use this cookie to log in to Amazon as that user.

Peacefire's advice for neutralizing this bug is that anybody using Internet Explorer should disable JavaScript immediately. For extra security, turning off the acceptance of cookies is also recommended.

Microsoft have yet to issue an advisory about this bug, and even if they do, it can be expected to take some time for them to issue a fix.

As with most IE bugs, this only affects Internet Explorer running on a Windows platform. Mac and Unix platforms are unaffected, as are Netscape browsers.

Seb is a Jedi Master in the art of creating sites and keeping servers running. This often means hitting them repeatedly with forces that defy rational explanation, though he prefers to describe it as "administration". When he's not practising his percussive skills on E450s and AS400s, he can be found masquerading as the senior developer for some widely varied clients. It's still not certain whether or not the meanings of CMS, CRM, and B2B have penetrated the alcoholic fog enveloping his brain, but he makes convincing noises to customers about XML, XSLT, Python, J2EE, PHP, Perl, C++, and OpenGL.

Seb has been in the web game pretty much since it began, and still has fond memories of the time when a web could be swept aside with a duster and spam was pork luncheon meat. Despite being the developer of one of the first commerce sites in Europe, he has yet to make any real money.

Being English, Seb doesn't like SOAP, but instead has recently discovered something called ZOPE. Zope is a platform that runs Plone which he thinks is the coolest thing since high-performance, real-time 3D APIs, which he often writes small games in.

Seb lives in the best little city in the world, and used to commute 5 hours a day on British trains. He is subsequently immune to all forms of torture techniques.

Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author; please do not redistribute or use elsewhere without checking with the author.