Web Browser Security

  • August 06, 2008 06 Aug'08

    Kaminsky: DNS flaw capable of attacks on many fronts

    Black Hat: Security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems.

  • August 04, 2008 04 Aug'08

    SaaS startups enter Web security gateway market

    Web security vendors Zscaler Inc., Purewire Inc. enter growing Software as a Service (SaaS) space dominated by appliance vendors

  • July 02, 2008 02 Jul'08

    Microsoft addresses XSS in Internet Explorer

    A cross-site scripting filter and additional security features for developers will help defend against attacks.

  • July 01, 2008 01 Jul'08

    Internet Explorer open to spoofing, scripting attacks

    A zero-day vulnerability in Internet Explorer (IE) leaves the browser open to an attack that could allow someone to capture the keystrokes of a victim.

  • May 31, 2008 31 May'08

    Microsoft warns Apple Safari users of new vulnerability

    In a warning issued to customers late Friday, Microsoft urged Safari users to change the browser's default download location.

  • February 13, 2008 13 Feb'08

    Shrewd attackers bypass old security defenses with Web attacks

    Cybercriminals are conducting Web-based attacks to bypass traditional protection technologies. With most security vendors unable to solve the problem, companies need to rethink their security strategy.

  • February 12, 2008 12 Feb'08

    Inside MSRC: Microsoft outlines Internet Explorer flaws

    Microsoft's Bill Sisk explains the Internet Explorer critical flaws being addressed in this month's batch of security updates.

  • December 20, 2007 20 Dec'07

    IE patch glitch sends admins in search of workarounds

    Microsoft announced a workaround for IT shops affected by a flawed Internet Explorer (IE) security patch, but some administrators sought the solution on their own.

  • December 11, 2007 11 Dec'07

    Firefox 3 security looks promising, testers say

    Mozilla is touting big security advances in Firefox 3, including stronger anti-malware measures. Those testing the beta say it looks promising, though tweaks are needed.

  • December 06, 2007 06 Dec'07

    Security fixes on tap for Windows, IE, DirectX

    Microsoft plans to release seven security updates Tuesday, including three critical fixes for Windows, DirectX, DirectShow, Windows Media Format Runtime and Internet Explorer.

  • October 19, 2007 19 Oct'07

    Mozilla releases Firefox to fix multiple flaws

    Attackers could exploit multiple flaws in Mozilla Firefox to tamper with sensitive information, conduct phishing attacks and run malicious code.

  • October 11, 2007 11 Oct'07

    Microsoft warns of dangerous Windows URI vulnerability

    Microsoft issued an alert warning of an unpatched command execution vulnerability in Windows XP and Windows Server 2003 that could be exploited remotely to access a machine.

  • September 05, 2007 05 Sep'07

    Firefox security issues persist despite update

    Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes.

  • August 14, 2007 14 Aug'07

    Latest Microsoft flaws affect Windows, IE, Excel

    Microsoft released nine security updates Tuesday -- six of them critical -- for flaws in Internet Explorer, Excel and other programs within the Windows OS.

  • August 14, 2007 14 Aug'07

    Inside MSRC: Microsoft releases searchable update database

    Microsoft's Christopher Budd explains the software vendor's new Update Catalog, a searchable database of all Microsoft security updates, drivers, and service packs. Also a look at this month's updates.

  • August 10, 2007 10 Aug'07

    Microsoft to update critical Windows, Office flaws

    Nine security bulletins will be released Tuesday to patch flaws in Windows, Office, IE and Virtual PC, Microsoft said. Six of the bulletins are expected to be critical.

  • August 09, 2007 09 Aug'07

    Mozilla to extend security in major Firefox update

    The next version of Firefox will include new anti-phishing and anti-malware capabilities. Mozilla also plans to release a pair of fuzzing tools to detect Java, FTP and HTTP flaws.

  • July 31, 2007 31 Jul'07

    Mozilla fixes two critical Firefox flaws

    Firefox version addresses critical flaws involving unescaped URLs passing to external programs and privilege escalation.

  • July 26, 2007 26 Jul'07

    Warning issued over unpatched Firefox flaw

    Danish vulnerability clearinghouse Secunia and the United States Computer Emergency Readiness Team (US-CERT) issued advisories about the input validation flaw.

  • July 18, 2007 18 Jul'07

    Critical Firefox flaws addressed by Mozilla

    Mozilla attended to eight flaws in Firefox, fixing three critical and two high-impact vulnerabilities that could be used by an attacker to gain access to sensitive information.

  • June 14, 2007 14 Jun'07

    Apple fixes flaws in Safari for Windows

    Researchers who haven't liked Apple's past response to flaw reports applaud the company's quick fix to Safari for Windows. But they're not convinced Apple is turning over a new leaf.

  • June 13, 2007 13 Jun'07

    Microsoft investigates possible new Office flaw

    Attackers can exploit a new buffer-overflow flaw in Microsoft Office to cause a denial of service or run malicious code on targeted machines via IE, Symantec warned Wednesday.

  • June 12, 2007 12 Jun'07

    Microsoft patches Windows Vista, IE 7

    Microsoft fixed 15 flaws in a variety of products Tuesday, including Windows XP, Vista and Internet Explorer 7. Attackers could exploit the most serious flaws for remote code execution.

  • June 12, 2007 12 Jun'07

    Researchers find flaws in Safari for Windows

    Attackers could exploit a flaw in Apple's Safari for Windows to pass arbitrary command line arguments to any application that can be called through a protocol handler.

  • May 31, 2007 31 May'07

    Mozilla fixes potential DoS flaws in Firefox

    Firefox versions and fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.

  • May 14, 2007 14 May'07

    Admins run into trouble with Microsoft updates

    A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft.

  • April 27, 2007 27 Apr'07

    Mac hack puts Apple faithful on the defense

    This week in Security Blog Log: A much-hyped QuickTime exploit threatens Mac OS X and Windows browsers, but the Apple faithful feel the greatest sting.

  • March 30, 2007 30 Mar'07

    Spam poses as Internet Explorer 7 download

    Beware of emails from "" It may look like an invitation to download Internet Explorer 7, but it's really a trick to infect machines with malware.

  • March 22, 2007 22 Mar'07

    Mozilla releases Firefox fix

    One newly-discovered flaw and several glitches introduced in the last update have been fixed with Mozilla's release of Firefox and

  • March 15, 2007 15 Mar'07

    Phishing risk seen in new IE 7 flaw

    Microsoft said it is investigating a flaw in Internet Explorer 7 (IE 7) attackers could exploit to launch phishing expeditions.

  • March 06, 2007 06 Mar'07

    Mozilla warns of a new Firefox flaw

    Attackers could exploit the latest Firefox flaws to bypass security restrictions and hijack targeted machines. The latest version of the browser corrects the problem.

  • February 26, 2007 26 Feb'07

    DOM property issue among several spurring Firefox update

    The Mozilla update fixes Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.

  • February 19, 2007 19 Feb'07

    Stop & Shop acknowledges security breach

    In other news, researchers warn of a new security hole in Mozilla Firefox that could allow attackers to tamper with cookies.

  • February 08, 2007 08 Feb'07

    Briefs: Vulnerabilities found in Trend Micro, Firefox browser

    This week, Trend Micro released a fix for a flaw in its antivirus engine, while no fixes are available for two newly discovered Mozilla Firefox browser flaws.

  • February 01, 2007 01 Feb'07

    Patch testing may suffer due to zero-day fears

    Windows users faced a breathtaking spike in zero-day threats last year and most security experts agree the problem is only going to get worse. Mark Shavlik, founder and CEO of Roseville, Minn.-based patch management firm Shavlik Technologies, is ...

  • January 16, 2007 16 Jan'07

    Who patches better: Microsoft or Mozilla?

    Window Snyder was a senior security strategist at Microsoft before leaving in 2005 to become a founder and CTO of Matasano Security LLC. Last September she became Mozilla Corp.'s security chief and is now responsible for locking down the popular ...

  • January 11, 2007 11 Jan'07

    Critical Apple flaw discovered in Mac OS X

    Attackers can exploit the flaw remotely to compromise a user's system via the Safari Web browser.

  • November 22, 2006 22 Nov'06

    Firefox, IE flaw could expose passwords

    A flaw in Firefox 2.0 and IE could affect anyone visiting a Web site that allows user-contributed HTML codes to be added, according to Chapin Information Services.

  • November 14, 2006 14 Nov'06

    Exploit code out for MS06-070 flaw

    Microsoft said it is aware of proof-of-concept exploit code for the Windows Workstation service flaw, which was among the vulnerabilities patched this week.

  • November 14, 2006 14 Nov'06

    Firefox antiphishing feature beats Internet Explorer in Mozilla test

    A Firefox automated antiphishing feature beat IE 7 in a test conducted by Mozilla, but analysts say large enterprises should focus on spam blocking software.

  • November 08, 2006 08 Nov'06

    Mozilla fixes Firefox flaws

    Attackers could exploit multiple flaws in Firefox, SeaMonkey and Thunderbird to crash machines, bypass security restrictions and launch malicious code.

  • November 06, 2006 06 Nov'06

    Microsoft eyes second zero-day threat in a week

    This time, attackers are going after a zero-day flaw in Windows, and Microsoft has released some workarounds until a patch is available.

  • November 03, 2006 03 Nov'06

    Security Blog Log: Dissecting Firefox 2.0

    This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7?

  • November 01, 2006 01 Nov'06

    Zero-day attacks target Microsoft Visual Studio

    Microsoft has outlined a series of steps users should take to protect their machines from attacks that exploit a new zero-day flaw in Visual Studio 2005.

  • November 01, 2006 01 Nov'06

    Flaw found in Firefox 2.0

    Attackers could exploit the security flaw to crash versions and 2.0 of the browser, according to various security advisories.

  • October 31, 2006 31 Oct'06

    Firefox fans unfazed by IE 7

    IT administrators like the security improvements in IE 7. But for those who use Firefox, Microsoft's browser upgrade isn't enough to make them switch.

  • October 30, 2006 30 Oct'06

    Triple trouble for Microsoft users

    Security researchers have reported three flaws affecting Microsoft, including two Internet Explorer glitches and a vulnerability affecting organizations that share Internet connections.

  • October 25, 2006 25 Oct'06

    Security Bytes: Secunia warns of another IE 7 flaw

    Meanwhile, Britain investigates an assault from Haxdoor; a Florida man is charged with attacking Akamai; and Britain's BT Group plans to buy Bruce Schneier's Counterpane.

  • October 20, 2006 20 Oct'06

    IE 7 arrives, but does anyone care?

    This week, the infosecurity community reacts to the long-awaited release of Internet Explorer 7 with a mix of satisfaction, disappointment and apathy.

  • October 12, 2006 12 Oct'06

    Brief: Malicious Web site poses as Google

    A malicious Web site poses as Google's Italian site, but attempts to install malicious ActiveX controls on victims' machines and ultimately redirect them to adult content.

  • October 03, 2006 03 Oct'06

    Remote Firefox JavaScript flaw claim disputed

    Hacker, Mozilla security official now say the flaw results in a DoS, not code execution.

  • September 21, 2006 21 Sep'06

    Security Blog Log: The new clearinghouse for flaws

    This week's Internet Explorer zero-day warnings illustrated how security vendors are increasingly using the blogosphere to deliver threat alerts to the public.

  • September 20, 2006 20 Sep'06

    IE attacks intensify, third-party patch issued

    Update: As more exploits target the VML flaw in Internet Explorer, a third-party fix patch is released and security organizations raise their alert status.

  • September 19, 2006 19 Sep'06

    Security Bytes: Zero-day attack targets IE

    In other news: The Department of Homeland Security (DHS) names a new cybersecurity chief and a new worm uses AOL Instant Messenger to spread.

  • September 15, 2006 15 Sep'06

    Mozilla fixes several Firefox flaws

    Several flaws could be used for man-in-the-middle, spoofing and cross-site scripting attacks. Mozilla has released Firefox to address the problems.

  • September 15, 2006 15 Sep'06

    Microsoft warns of new Internet Explorer threat

    Days after Patch Tuesday, Microsoft warned of a new threat against Internet Explorer. Attackers could exploit it to crash machines or take them over.

  • September 07, 2006 07 Sep'06

    Security Bytes: New flaw in Cisco IOS

    In other news: Mozilla hires a former Microsoft strategist to bolster security, a new "pump-and-dump" stock spam campaign is discovered and TippingPoint lists info on new flaws.

  • August 29, 2006 29 Aug'06

    Microsoft probes alleged Internet Explorer flaw

    A research group claims attackers could launch malicious code using a flaw in the way Internet Explorer instantiates certain COM objects' ActiveX controls.

  • August 22, 2006 22 Aug'06

    Update: Microsoft fixes faulty Internet Explorer patch

    Update: Microsoft has fixed a faulty browser fix that enabled an exploitable condition. Sources say a compatibility problem with Systems Management Server delayed the fix.

  • August 08, 2006 08 Aug'06

    Update: Microsoft fixes 23 flaws, DHS urges action

    Updated: Microsoft releases a dozen August security updates, nine critical. The Department of Homeland Security says one fix in particular should be implemented immediately.

  • August 03, 2006 03 Aug'06

    Security Bytes: Cisco coping with more Black Hat revelations

    Speakers at Black Hat USA 2006 have revealed a Cisco CallManager Express flaw and a proof-of-concept exploit. Also: Patches for GroupWise and yet another Firefox update.

  • July 27, 2006 27 Jul'06

    Mozilla issues critical security updates

    The open source group has issued new versions of Firefox, Thunderbird and SeaMonkey to fix 13 software security flaws, eight of which have been deemed critical.

  • July 27, 2006 27 Jul'06

    Security Bytes: IKE protocol flaw affects Cisco gear

    Also: Microsoft will push IE7 as a high-priority update to Windows XP and Windows 2003 customers and MessageLabs releases new spam data as an analyst ponders the vendor's future.

  • July 25, 2006 25 Jul'06

    Security Bytes: New Microsoft exploits in the wild

    The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose.

  • July 20, 2006 20 Jul'06

    Security Bytes: Cisco patches CS-MARS flaws

    Meanwhile, Metasploit creator H.D. Moore warns of a serious Internet Explorer flaw and Cisco may get more unwanted attention at the upcoming Black Hat conference.

  • July 07, 2006 07 Jul'06

    Metasploit creator promises browser flaws galore

    This week in Security Blog Log: A researcher vows to expose a new browser flaw every day this month. Meanwhile, McAfee's blog marks a mournful malware milestone.

  • June 28, 2006 28 Jun'06

    Security Bytes: Strategic shift at Symantec leads to 80 layoffs

    New flaws and exploits surface in Internet Explorer; Apple fixes Mac OS X bugs; a new data security bill is filed; and F-Secure fixes a flaw in its antivirus products.

  • June 13, 2006 13 Jun'06

    Microsoft releases 13 security patches, eight critical

    The baker's dozen of new patches includes 12 new ones that address flaws in Internet Explorer and Word, plus a re-release of a patch first issued in March.

  • June 13, 2006 13 Jun'06

    Inside MSRC: ActiveX control change goes permanent

    Microsoft's Christopher Budd outlines the finer points behind this month's security bulletins, plus offers advice on when to open Word files and guidance for Exchange administrators.

  • June 08, 2006 08 Jun'06

    Microsoft to release 12 June security fixes

    June's "Patch Tuesday" security bulletins will feature nine Windows fixes, including a cumulative update for Internet Explorer, plus a pair of patches for Office and one for Exchange.

  • May 12, 2006 12 May'06

    Monster fix for Mac OS X, QuickTime

    Apple Computer Inc. has patched more than 25 flaws in its operating system and updated its media player to address 12 vulnerabilities.

  • May 09, 2006 09 May'06

    Exchange, Windows focus of latest Microsoft fixes

    The software giant releases its May security bulletins and two of the three are rated critical. Issues with Exchange and Flash Player are addressed, but none fixes the latest IE flaws.

  • April 28, 2006 28 Apr'06

    Security Blog Log: Burning about Firefox recruitment

    This week, a security blogger frowns on an independent group's efforts to force IE users onto the Firefox bandwagon. Plus, an international fight over identification cards.

  • April 27, 2006 27 Apr'06

    New IE flaws bring tally to three

    Two more security holes surfaced in Internet Explorer Thursday, on top of one announced Tuesday. Attackers could exploit the latest flaws to install malicious ActiveX controls and read sensitive data.

  • April 26, 2006 26 Apr'06

    IE 'object' tag flaw found

    Attackers could launch malicious code and corrupt system memory by exploiting the latest Internet Explorer flaw. Experts suggest avoiding untrusted Web sites.

  • April 24, 2006 24 Apr'06

    Security Bytes: More flaws in Mac OS X

    In other news: Financial firms scramble over massive online heist, Symantec warns of Scan Engine flaws and a new Snort-based tool is unveiled.

  • April 14, 2006 14 Apr'06

    Mozilla fixes nearly two dozen Firefox flaws

    The digital underground could exploit the vulnerabilities to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks.

  • April 11, 2006 11 Apr'06

    Inside MSRC: Microsoft details IE ActiveX update

    In his debut column, Microsoft security specialist Christopher Budd talks about the vendor's April software update, including a fix for the createTextRange flaw and changes in IE ActiveX behavior.

  • April 11, 2006 11 Apr'06

    Microsoft releases five fixes for IE, Windows

    The software giant's monthly update fixes several IE flaws, including the createTextRange issue, and addresses vulnerabilities in a range of Windows programs.

  • April 06, 2006 06 Apr'06

    Security Bytes: New IE flaw could enable phishing attacks

    In other news, Cisco patches a variety of flaws and attackers could access Windows files through a security hole in HP's printer software.

  • April 06, 2006 06 Apr'06

    Five Microsoft patches coming, but why wait?

    The createTextRange flaw in IE will be among those fixed, but with exploits in the wild, some debate whether once-a-month patching is right for the times.

  • March 30, 2006 30 Mar'06

    Security Blog Log: Nash, still at helm, addresses IE fixes

    With big updates in store for Internet Explorer, outgoing security chief Mike Nash uses Microsoft's security blog to address concerns.

  • March 28, 2006 28 Mar'06

    Third-party fixes available for IE flaw

    The unofficial work-arounds for the createTextRange flaw suggest the security community doesn't like waiting for Microsoft to address potentially dangerous vulnerabilities.

  • March 24, 2006 24 Mar'06

    Microsoft warns of brand-new IE exploit code

    The software giant offers workarounds for the so-called createTextRange flaw as security experts issue sober warnings about the potential impact.

  • March 23, 2006 23 Mar'06

    Security Bytes: Update fixes critical Sendmail flaw

    In other news: IE flaws continue to mount; RealPlayer vulnerabilities are addressed; and a "sophisticated" Trojan targets Microsoft's WMF flaw.

  • March 07, 2006 07 Mar'06

    Security Bytes: Mac patch falls short of expectations

    In other news, one hacker gains root access to a Mac while another shows how to compromise Microsoft Fingerprint Reader.

  • March 02, 2006 02 Mar'06

    Apple fixes more than a dozen OS X flaws

    The pile of security updates is Apple's response to not only a critical flaw uncovered last week, but also to the recent scrutiny regarding the security of its flagship OS.

  • February 27, 2006 27 Feb'06

    Threats don't diminish Mac's reputation

    IT pros still believe Mac OS X is more secure than Windows, despite recent challenges, but that isn't likely to help it unseat Windows in the enterprise.

  • February 21, 2006 21 Feb'06

    Critical flaw found in Mac OS X

    A serious problem with the way Apple's OS processes specially crafted resource forks and HFS metadata comes just days after it became the target of malicious code for the first time.

  • February 10, 2006 10 Feb'06

    Security Blog Log: A week of vulnerabilities

    This week the blogosphere focused on some significant security holes in Internet Explorer, Windows and Sun's Java Runtime Environment.

  • February 08, 2006 08 Feb'06

    Microsoft warns of fresh IE, Windows flaws

    Attackers could exploit an Internet Explorer flaw to launch malicious code. Meanwhile, a Windows glitch could allow elevated system privileges.

  • February 03, 2006 03 Feb'06

    Security Blog Log: Surprise! IE 7 beta has a flaw

    Security researchers in the blogosphere are buzzing about a flaw in IE 7. Should users wait before taking the browser for a spin?

  • February 02, 2006 02 Feb'06

    Mozilla issues Firefox mega-fix

    The digital underground could exploit as many as seven flaws to bypass security restrictions, compromise sensitive data and launch cross-site scripting attacks.

  • January 31, 2006 31 Jan'06

    Security Bytes: Firefox flaw could expose sensitive data

    Meanwhile: MIT researchers warn of attacks exploiting Skype; man gets two years in prison for selling Microsoft source code; Fortinet and Trend Micro settle a patent dispute.

  • December 13, 2005 13 Dec'05

    Microsoft issues critical fix for IE

    In addition to the long-awaited browser fix, the software giant also addressed an "important" Windows kernel flaw involving how certain procedure calls are processed.

  • December 08, 2005 08 Dec'05

    Two Windows patches coming, IE fix uncertain

    It remains to be seen whether the software giant on Dec. 13 will address an outstanding Internet Explorer issue that is currently the target of a malicious Trojan.

  • December 01, 2005 01 Dec'05

    Out-of-cycle IE patch may be imminent

    Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw.

  • November 22, 2005 22 Nov'05

    Influential survey says security 'set back by 6 years'

    Update: The SANS Top 20 vulnerability list for 2005 shows the bad guys attacking flawed apps and paying more attention to network holes.

  • November 21, 2005 21 Nov'05

    Exploit code targets IE memory corruption flaw

    Update: Security experts warn of proof-of-concept code for a memory corruption flaw in Internet Explorer. One firm recommends disabling Active Scripting, and explains how.

  • October 27, 2005 27 Oct'05

    Security Bytes: IE7 defenses revealed

    In other news, former HP CEO Carly Fiorina takes a role with Cybertrust; malware exploits avian flu fears; and Zotob's impact is measured.