New IE, Mozilla Flaws Exposed
New Year's celebrations may be over, but Secunia is displaying some post-holiday fireworks by firing off a steady succession of browser-related security advisories. Secunia announced a trio of Internet Explorer vulnerabilities that can be exploited by malicious users to bypass "Local Computer" zone restrictions and execute code on PCs running affected versions of Microsoft Windows.
The advisories come just days after the firm released a critical bulletin for Mozilla-based browsers, including Firefox.
Two of the alleged Internet Explorer vulnerabilities originate from flaws in the browser's HTML Help control. The first HTML Help control advisory warns of how an embedded HTML control placed on a hacker's Web site can reference a specially crafted index (.hhk) file that can be set to execute HTML documents or malicious scripts locally.
In addition to executing arbitrary HTML and scripting, programs may be run in the "Local Computer" zone. In order for the attack to be successful, the user must be lured to the Web site.
The second HTML Help control vulnerability also avoids zone restrictions by manipulating an error in the control's handling of the "Related Topics" command. Secunia warns that malicious Web sites can then be used to "execute arbitrary script code in the context of arbitrary sites or zones," thus bypassing a security feature of Windows XP Service Pack 2.
Both of the techniques can be used to conduct cross-site scripting (XSS) attacks, where scripts execute commands from an attacker's server.
Another reported vulnerability arises from what Secunia describes as "insufficient validation of drag and drop events" from the "Internet" zone to local resources. Seemingly harmless files, including images and media, can be used as a vessel to implant HTML documents on a user's system to execute arbitrary scripts in the "Local" zone. This vulnerability may be an offshoot of a previous Secunia advisory.
Not all of Secunia's recent reports are limited to Microsoft-based software. Last week, Secunia revealed that a vulnerability in Firefox could be used to spoof the source that is shown in the browser's download dialog box, making malicious downloads seem legitimate.
Secunia advises Firefox users to avoid dangerous links by only downloading files from trusted sources. The vulnerability has been confirmed to affect Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0.
Also last week, Polish security firm iSEC Security Research uncovered a vulnerability that takes advantage of the way Mozilla processes the NNTP news protocol. Due to the flaw, maliciously constructed news server links could be used to conduct "phishing" schemes. All versions of Mozilla released before build 1.7.5 and Firefox builds prior to the official 1.0 release are affected.