Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Thursday May 03 2018, @09:50PM   Printer-friendly
from the running-windows—I-mean-javascript—I-mean-malware dept.

From The Daily Swig:

A serious vulnerability in the latest version of Microsoft Edge [a Windows web browser ed] enables attackers to spoof URLs with just five lines of code. The flaw, discovered by Argentine researcher Manuel Caballero, can make a malicious website appear to be legitimate through the use of the Stop() command, which interrupts the page loading process. With the target URL still appearing in the address bar, the document.write() JavaScript command can then be used to overwrite the contents of the page.

[...] With this bug, probably the only truly safe way reach any website using Edge is to open a new tab and type the URL by hand, or access it through your bookmarks.

This vulnerability appeared in a recent "security" update from Microsoft; users of Edge might want to investigate what version they are using.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Friday May 04 2018, @10:42AM

    by Anonymous Coward on Friday May 04 2018, @10:42AM (#675577)

    > Edge doesn't offer this

    Proprietary web interface to Oracle database that requires MS browser to view. The reason that it requires MS browser is because this is the only one that will accept the insecure "security certificate". I think it is an issue with protocol rather than signing authority - firefox doesn't give me a decent error message any more, but I don't think it can be worked around even by hacking firefox browser options. I know, it's a shitfest.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1