The flaw focuses on IE's inline frames, often used for serving ads, which typically come from a different domain than content that appears on the same Web page. Microsoft's Internet Explorer 6, 7, and 8 beta 1 appear to contain a security flaw that could subject users who visit a malicious Web site or open a malicious e-mail message to arbitrary code. U.S. CERT has published a vulnerability note indicating Internet Explorer doesn't handle document frames securely.Document frames can be used to subdivide Web pages such that the content associated with each division comes from a different server or domain. These "iframes," or inline frames, often are used for serving ads, which typically come from a different domain than content that appears on the same Web page.
The problem, as U.S. CERT describes it, is that "Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain."
Link: Secunia Security Advisory
View: Full Article @ InformationWeek
See? Just as useless of a post, but at least my suggestion doesn't cost money.
This vulnerability doesn't work on Safari. Another reason to migrate.
Oh this is fun! Any more useless comments?
See? Just as useless of a post, but at least my suggestion doesn't cost money.
Correction: It doesnt work on Windows Internet Explorer.
It does on Microsoft Internet Explorer.
Another reason to use Firefox.
It does work on IE7 Vista x86. Another reason to... eh, you decide.
Microsoft Internet Explorer 7.0 Details Be...
Three New Internet Explorer Vulnerabilities
Microsoft Internet Explorer Two Vulnerabil...
Microsoft Internet Explorer Disclosure of...
Four Microsoft Internet Explorer Multiple...
Internet Explorer Vulnerability Exploited...
Internet explorer vulnerability.
I don't think you need to be a Mensa member to figure out the pattern here.
Care to share your source?
Care to share your source?
http://secunia.com/product/12434/ <-- 2.x
http://secunia.com/product/19089/ <-- 3.x
Contrast IE and Firefox to Opera:
http://secunia.com/product/10615/ <-- Opera, currently all clean.
(p.s. I don't use Opera, I still prefer Firefox, but ya gotta give props where they are due! )
Straight from Secunia.com:
Product IE7
Vendor Microsoft
Affected By 29 Secunia advisories
Unpatched 34% (10 of 29 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical
Next time you want to prove that Firefox is all "vulnerable" and has "problems", you might want to consider out the buttload of problems IE has before you post.
You know, just to get some perspective. And not scew things totaly one way.
This isn't Fox News, you know. If you pull that sort of crap around here, people are going to point out the gaping hole in your logic. Because they can. And because it's a hole. That gapes.
Now look sad and say "Duh'oh!"
Last edited by Airlink on 03 Jul 2008 - 08:36
Straight from Secunia.com:
Product IE7
Vendor Microsoft
Affected By 29 Secunia advisories
Unpatched 34% (10 of 29 Secunia advisories)
...
This isn't Fox News, you know. If you pull that sort of crap around here, people are going to point out the gaping hole in your logic. Because they can. And because it's a hole. That gapes.
Now look sad and say "Duh'oh!"
Firefox 2.x (you know, the version with a comparable history, as it would be grossly disingenuous to compare Firefox 3 to anything) should be the one used to compare, unless you are deliberately comparing a fresh release to avoid the truth. It has a significant and comparable number of vulnerabilities, with the current most severe one rated at "Highly critical", which is the second-worst value they apply. IE7's rating is only "Moderately critical", which is the middle rating, less severe than Firefox.
I know this isn't Fox. I just guess I expected a little more reason and comprehension from those reading my posts. For example, I posted I am a firefox user, and gave recognition to Opera for their good work. I don't like IE. I don't use IE. I use Linux and cannot use IE, so there goes your theory that I am somehow in a conspiracy to screw Firefox in IEs favor.
Goodbye.
Care to share the rationale of your sarcasm?
BTW, there is no such thing as "secure" software. However, some companies are better at writing secure code than others.
Meanwhile, all the popular software receive feedback and fix their vulnerabilities.
I prefer Firefox, but i don't like to bash IE because i think it is a good browser. As good as the others out there. It is just a matter of taste (and FF extensions)...
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.