Risk: Medium
Users of IE, Firefox, Opera, Safari and Konqueror all need to patch their browsers or implement workarounds following the release of a "full house" of Internet client bug reports.
The most serious risk comes from a brace of IE security bugs, which could be exploited to take over victim's systems. One of the vulnerabilities, a security zone restriction error, can bypass a security feature in Microsoft Windows XP SP2. Even fully patched systems with IE 6.0 and Microsoft Windows XP SP2 are vulnerable. Users are advised to disable active scripting as a precaution against attack. Andreas Sandblad of Secunia Research and grey-hat hacker http-equiv independently discovered the vulnerabilities.
Separately, research has discovered vulnerabilities in various browsers (Firefox, Opera, Safari and Konqueror) that might be exploited by malicious web sites to spoof dialog boxes. The "moderately critical" bug could be used to trick users into handing over information to untrusted sites although exploitation is far from trivial. Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new tab.
Advisories are stating that users should, as a general rule of thumb, not visit trusted web sites and untrusted web sites at the same time or to disable JavaScript as possible workarounds whilst vendors test patches. Some of these have already been released to the public domain. KDE 3.3.1 already protects users from the vulnerability. Opera 7.60, currently in development, also guards against the spoofing exploit.