Internet Explorer, Safari and Firefox all vulnerable to arbitrary code execution

April 18, 2009 Software Review

During the Pwn20wn contest at CanSecWest, three of the most used web super_rabbid_returns_by_sofyx browsers, Apple’s Safari version 3.2.1, Microsoft’s Internet Explorer version 8 and Mozilla’s Firefox version 3.0.7 were found to be vulnerable to an arbitrary code execution. One of the authors of these vulnerabilities is Nils, a computer science student, who discovered the vulnerability in all of the most used web browsers and earned a quote of $15,000$.

Addition descriptions about the vulnerabilities:

Microsoft Internet Explorer 8 Unspecified Bugs Lets Remote Users Execute Arbitrary Code

A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user’s system. A remote user can create a specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Apple Safari Unspecified Bugs Lets Remote Users Execute Arbitrary Code

Two vulnerabilities were reported in Safari. A remote user can cause arbitrary code to be executed on the target user’s system. A remote user can create specially crafted HTML, that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Mozilla Firefox Unspecified Bug Lets Remote Users Execute Arbitrary Code

Same as above.