SECUNIA said there are two bugs in Microsoft Internet Explorer which can be exploited by wicked people and which bypass security features in Windows XP SP2.
The bugs were discovered by http-equiv, said Secunia, and compromise systems by insufficient validation of drag and drop events, and related to a security zone restriction error.

Secunia describes these bugs as "highly critical", and said they have been confirmed as existing in a system using IE 6 and Windows XP SP2.

The problems can be worked round by turning off Active Scripting, and that advisory is here.

Meanwhile, Secunia also said there are less critical bugs in Mozilla Firefox - the advice can be found here and relates to tabbed browsing capabilities. Similar problems have been found in Netscape 7.2, in Avant, and in Konqueror, as well as Opera, Maxthon and Safari.




Source:

The |NQ!