Security researchers published details on the bugs in Microsoft's Internet Explorer, Apple Computer's Safari and Mozilla's Firefox to security mailing lists over the weekend. The Firefox and Safari bugs could cause the browsers to crash, while the IE hole could be exploited to hijack a vulnerable Windows computer, Secunia said in advisories on its Web site.
The security monitoring company deems the IE flaw, reported by bug hunter Michal Zalewski, "highly critical." The problem has been confirmed on version 6 of the popular software, but could also affect other versions, the company said. The vulnerability lies in the way IE processes HTML tags. An attacker could exploit the bug by crafting a malicious Web site, Secunia said.
The alerts come just days after security researcher Tom Ferris reported severalincluding Safari. Also, Microsoft earlier this month issued .
Microsoft is investigating the newly disclosed vulnerability and believes it is not as serious as Secunia claims, the software maker said in an e-mailed statement Tuesday. "Our initial investigation has revealed that the issues described would most likely result in the browser closing unexpectedly or failing to respond," it said.
Symantec also said that the IE flaw could be exploited to run malicious code on a vulnerable PC. However, this has not been confirmed, the security specialist said in a note to subscribers to its DeepSight service. "Exploit attempts likely result in crashing the affected application," Symantec said.
Secunia rates the
Safari version 2.0.3 has been confirmed as vulnerable, and other versions may also be affected, Secunia said. Firefox 188.8.131.52, the most recent version, is flawed and so may be earlier versions, according to Secunia's advisory. Apple and Mozilla did not immediately respond to requests for comment.
Because fixes are not available for any of the security holes, Secunia recommends not browsing untrusted Web sites to avoid the problem.