Bell Labs finds "significant" JavaScript security hole

A Bells Labs researcher has discovered what is being described as a 'significant flaw' in the JavaScript language used in World Wide Web browsers from both Microsoft and Netscape. The flaw, discovered by researcher Vinod Anupam, enables an unscrupulous Web site to load a so-called 'Trojan horse' and gain access to users' private data while they are filling in forms on the site, Bell Labs officials say.

A Bells Labs researcher has discovered what is being described as a "significant flaw" in the JavaScript language used in World Wide Web browsers from both Microsoft and Netscape.

The flaw, discovered by researcher Vinod Anupam, enables an unscrupulous Web site to load a so-called "Trojan horse" and gain access to users' private data while they are filling in forms on the site, Bell Labs officials say.

"The easiest way to disable the flaw is to turn off JavaScript," said Chris Pfaff, spokesman for Bell Labs. "We actually discovered the flaw on June 24 and we notified both Netscape and Microsoft."

Microsoft is currently preparing a bug fix, according to Pfaff. Netscape officials could not be reached for comment.

Based in Murray Hill, New Jersey, Bell Labs can be reached on the Internet at http://www.lucent.com/.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]