High Risk Man-In-The-Middle Attack: Browser Security Advisory

First reports of a vulnerability apparently discovered by Microsoft at the start of this year, appeared in mid June. The vulnerability could reportedly be used to carry out man-in-the-middle attacks on HTTPS connections. Mozilla classed the risk as high and released corresponding patches for its browser. It has now become clear that the vulnerability affects many other browsers. A specially prepared proxy can inject HTML and script code into the context of a secure page. This permits modification of displayed data or, in the case of cookie-based authentication, identity theft. A security advisory from SecurityFocus, modified a few days ago, now cites Chrome, Opera, Safari and Internet Explorer as being affected.

The link for this article located at H Security is no longer available.