New Zero Day Flaw Hits IE, Firefox and Others

A new vulnerability was discovered with both the Internet Explorer and Firefox web browsers, as well as Mozilla and SeaMonkey. The vulnerability affects the web browsers whether they are running on Windows, Mac or Linux. The flaw could allow an attacker to capture keystrokes from the target machine and possibly steal private or sensitive information such as usernames or passwords, but it also requires a lot of interaction from the user so security vendors such as Symantec and Secunia have rated it as a low threat. This article on Yahoo News about the vulnerability calls it a 'zero-day flaw', but that is sensationalist in my opinion. A zero-day exploit is when an exploit is being actively used to compromise systems using a vulnerability that was previously undiscovered. All vulnerabilities, when first discovered and disclosed, are 'zero-day' using the definition from the Yahoo News headline. To guard against this new vulnerability being exploited on your system, Symantec recommends that you disable active scripting and be cautious about the types of web sites you visit.