Massive Security Loophole Found in All Web Browsers
Created | Updated Aug 8, 2003
The Internet Engineering Task Force (IETF) today announced they had discovered a "far-reaching and fundamental" security flaw in many of the web browsers currently available, including the new 4.0 versions of Netscape's and Microsoft's flagship browser products. "This loophole could seriously compromise the integrity of user data, if exploited by an unscrupulous webmaster," said Bill Robinson, a consultant and advisor to the IETF.
The details of the possible attack were announced in the usual way in Usenet newsgroups by the IETF. The bulletin states that "any browser that displays HTML pages" may be vulnerable to the loophole. "An unscrupulous webmaster may exploit this loophole by placing a message on any HTML page which instructs the user to format their system's hard disk," says the announcement.
Robinson stated that the code preys on users that don't take strict security precautions, and that have trouble breathing with their mouths closed.
One possible version of the 'rogue' code
The IETF recommended that Netscape users tick the "Disable Java" option in the Netscape preferences dialog. "It won't do a damn bit of good," said Robinson, "but it's about the only piece of Netscape user interface that you can use without causing the damn thing to crash and burn, so what the hell - it gives them something to do."
Microsoft claimed they would have a fix for MSIE available within 48 Microsoft hours.
Linux users remain unaffected by the security threat as they don't have any data anyone gives a toss about anyway.