Four new dangers to the Full Disclosure mailing list for both the Microsoft Internet Explorer as well as Mozilla Firefox have been recently published by Michal Zalewski, a Security researcher.
Both the vendors have not yet offered any patches. If you are thinking about the most serious one then it is MSIE page. The update race condition of MSIE page, in which users usually navigates from one page to another page with JavaScript having similar domain experience. This would offer great opportunities to attackers for concurrently executing JavaScript and they would effectively perform actions using previous page permissions.
Firefox Cross-site IFRAME is another severe hijacking in which attack on the blank frames may result in wrongful execution of code.
Image:cnet
Via:aviransplace
