Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 9th, 2009

Browser Vulnerabilities Expose Users To Man-in-the-middle Attacks On HTTPS

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme. Affected browsers include Microsoft’s Internet Explorer 8, Mozilla Firefox, Google Chrome, Apple Safari and Opera.

During a research project concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers’ rendering modules above the HTTP/HTTPS layer.

According to Microsoft Research team, in many realistic network environments where attackers can sniff the browser traffic, they can steal sensitive data from an HTTPS server, fake an HTTPS page and impersonate an authenticated user to access an HTTPS server. These vulnerabilities reflect the neglects in the design of modern browsers — they affect all major browsers and a large number of websites.

According to a SecurityFocus advisory, attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

Originally, it was believed that this issue only affected Mozilla’s browsers but the advisory was update to reflect that the issue affects multiple browsers, not just Mozilla products.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • World Of Warcraft Gamers Hit By Man-In-The-Middle Attacks
  • New Tool To Be Released Can Steal Authentication Credentials Through Encrypted Secure Channels
  • High-risk Vulnerabilities In Google Chrome
  • Google Adds User Enabled HTTPS Secure Connections Into GMail
  • Researcher Publishes Two iPhone Vulnerabilities That Apple Just Wouldn’t Patch

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Browser Vulnerabilities Expose Users To Man-in-the-middle Attacks On HTTPS

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.