eBay scammers have been exploiting unpatched weaknesses in the Firefox and Internet Explorer browsers to deliver counterfeit pages that try to dupe people surfing the online auction house to bid on fraudulent listings.
The attacks managed to inject eBay pages with hostile code by exploiting issues long known to afflict Firefox and IE. While eBay has managed to block the exploit from working on its domains, other websites that accept user-generated content may still be vulnerable to the attacks, web security experts warn.
Firefox security volunteers say they are in the process of patching the vulnerability. For their part, Microsoft officials say the exploits aren’t the result of a vulnerability in IE but rather of websites that fail to properly protect against such attacks.
Read the full story here.