Microsoft's Internet Explorer and Mozilla's Firefox are both vulnerable to a new JavaScript flaw that could allow attackers to steal confidential information.

The flaw affects fully patched browsers on Windows, Linux and Mac systems, according to a posting on the Full Disclosure security mailing list.

The issue is caused by the 'OnKeyDown' JavaScript feature that allows websites to capture and duplicate keystrokes entered into data fields, including fields where users enter credit card information.

Security experts noted that exploiting the flaw would require the user to type a fair amount of text. Attackers would therefore most likely target online games or blogs.

Security website Secunia rated the flaw 'less critical' for Internet Explorer and Firefox.

Although the flaw requires a sophisticated attacker to effectively exploit it, it is noteworthy because it spans multiple operating systems and browser vendors.

The SANS Internet Storm Centre warned users to be cautious in allowing JavaScript to run.

More stories on these topics:
Permalink  Comments  Forward
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Computing editor at feedback@computing.co.uk
Reader comments for this story
Post your comment Post your comment   What is this?
Like this story? Spread the news by clicking a link:   Post this to Delicious del.icio.us     Post this to Digg digg this     Post this to reddit reddit!

related content
latest news
Shrek
Innovation
BulletDreamworks to revamp 3D film technology
Partnership with Intel will see hardware and software upgrade to improve film creation  08 Jul 2008
Diane Greene
Strategy
BulletVMware shares fall as founder leaves
Virtualisation specialist also warns that full-year sales will be below expectations  08 Jul 2008
House of Lords
Government
BulletLords call for e-crime shakeup
Fraud should be reported to police, not banks and consumers must have more protection, says Committee  08 Jul 2008
Click here for more More news
latest in depth
An Ogilvy & Mather ad campaign
Innovation
BulletAd firm promotes green IT rollout
Warmer datacentres and print management spearhead green push  03 Jul 2008
carbon trust
Green
BulletCarbon Trust funds datacentre simulation project to cut emissions
Open source tool in development to measure workload-based data centre carbon output  02 Jul 2008
easyjet aircraft
Transport
BulletEasyJet reviews IT processes
Cutting fuel costs and improved services high on airline’s agenda  03 Jul 2008
Click here for more More in depth

Advertising Marketplace

Sponsored links

Featured jobs

System Tester/Test Analyst £27K-£32K+bonus, flexi, 35 hr week
West Midlands, Warwickshire, United Kingdom | Latham
System Tester/Test Analyst £27K-£32K + bonus, flexitime, 35 hour week, South Warwickshire, West Midlands. System Tester, Test Analyst, Systems Tester. Large financial services company looking for proven Testers and Test Analysts. Do you have at least ... more >
Network and Systems Engineers
United Kingdom | MI5 Security Service
Network and Systems Engineers Working for MI5 you will use your expertise to protect the UK from terrorism, espionage and other threats to national security. You'll be joining a team that provides essential technical analysis ... more >
Assistant Director / Head of ICT
Hove, United Kingdom | Brighton & Hove City Council
 Assistant Director / Head of ICT, c£75k plus relocation, Hove  Technology has a huge part to play in people's lives. It empowers them, supports them, sets them free and makes their lives easier in a million ... more >
Operations Engineer
Colindale (C1905), United Kingdom | NHS Blood and Transplant
 Operations Engineer, £28,313 - £37,326 pa plus High Cost Area Supplement, Colindale (C1905) About us The National Blood Service is an integral and vital part of the NHS. Our two million volunteer donors contribute 1.6 ... more >
Click here for more  More job opportunities