    New Vulnerabilities Found in Apple Safari and Opera

    Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers, particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well.

    Trend Micro researcher Rajiv Motwani reports that there were a lot of exploits for all browsers last week. According to Motwani, this may be because exploit code is publicly available, which makes it harder for users to protect themselves from these threats, since patches are not always available. “Also, the same code can sometimes be used to exploit several browsers,” adds Motwani.

    A vulnerability has been found in Apple Safari version 4.0.5 for Windows that allows a window object to be deleted even if references to it still exist. This leaves an invalid pointer that is used whenever specially crafted JavaScript code attempts to access the deleted object, and that code may permit a remote user to control the pointer. Cybercriminals may exploit this by persuading users to view an HTML document using Safari, then run arbitrary code using an authorized user’s privileges. For further details, see Vulnerability Note VU#943165.
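
The condition described above, an object freed while references to it are still reachable, is a use-after-free. The following added example (not code from the original post or from Safari) models in simplified C the lifetime rule that prevents it: closing a window only marks it, memory is released when the last reference is dropped, and accessors reject a closed window. The `Window` struct and every function name are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical, simplified window object; not Safari's real data structure. */
typedef struct Window {
    int refs;    /* live references (owner, script variables, ...) */
    int closed;  /* set by window_close() */
    int width;
} Window;

Window *window_create(int width) {
    Window *w = calloc(1, sizeof *w);
    if (!w) return NULL;
    w->refs = 1;  /* the creator holds the first reference */
    w->width = width;
    return w;
}

Window *window_ref(Window *w) { w->refs++; return w; }

/* Drop one reference; returns 1 only when the last holder lets go. */
int window_unref(Window *w) {
    if (--w->refs > 0) return 0;
    free(w);
    return 1;
}

/* Closing marks the object but never frees it while references remain. */
void window_close(Window *w) { w->closed = 1; }

/* Accessors check the flag, so a stale reference fails cleanly. */
int window_get_width(const Window *w, int *out) {
    if (w->closed) return -1;
    *out = w->width;
    return 0;
}

/* Constructed scenario: a script keeps a reference, the window is closed,
   then the script uses it. Returns 0 if every step was handled safely. */
int demo(void) {
    Window *owner = window_create(800);
    if (!owner) return 1;
    Window *script = window_ref(owner);
    int width = 0;
    window_close(owner);
    int freed_early = window_unref(owner);       /* must not free yet */
    int use = window_get_width(script, &width);  /* memory is still valid */
    int freed_last = window_unref(script);       /* last reference frees */
    return (freed_early == 0 && use == -1 && freed_last == 1) ? 0 : 1;
}

int main(void) { return demo(); }
```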

    A similar threat was also noted for Opera. The flaw makes it possible for attackers to make Opera access uninitialized memory and cause memory corruption, allowing them to execute arbitrary code on the system with privileges similar to those of the legitimate user. Opera has already released the necessary security patch for this.

    The U.S. Computer Emergency Readiness Team strongly advises users to disable JavaScript and to avoid clicking links found in email messages, instant messages, Web forums, or Internet Relay Chat (IRC) channels, among other possible workarounds.

    Trend Micro Deep Security™ and Trend Micro OfficeScan™ already protect enterprise users against this particular threat via the Intrusion Defense Firewall (IDF) plug-in as long as their systems are updated with IDF rule numbers 1004147, 1004141, and 1004126.






    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice