Browsers Still Vulnerable to Command Injection Attacks, Hackers Say
Nathan McFeters and Rob Carter want you to know that it's not over - even if an initial fix to block command injection attacks was released in the last few days.
"It's not done. There's going to be more stack overflows, more ccommand injections," McFeters says. "It gets scarier as you go on. We want to make third party developers aware that when you register URI you are creating an attack environment."
Firefox and Netxcape Navigator 9 register URIs to be compliant with Windows Vista, so they are now vulnerable to command injection when called from the IE, says Rob Carter, who with McFeters runs the xs-sniper.com site where this is discussed in detail.