'New' old IE bug rises from grave, again.
techAdmin
Clearly, Microsoft is unable to handle the security problems of Internet Explorer. Their recent attempts to create an image of being security conscious simply cannot overcome the inherent, structurally insecure nature of the IE software architecture, especially when it comes to the linking of the browser and OS.

:: Quote ::
Recent updates to IE contain a serious regression that leaves systems once more vulnerable to a flaw fixed more than two years ago, according to security researchers. Security Focus / The Register


Obviously, what they will need to do is rewrite IE from the ground up. Whether they have the will and even capacity to do this is an open and debatable question. My guess is that if they are unwilling to change their basic corporate philosophy about integrating everything into the OS, these types of issues will never, and can never, be resolved.

Here is GreyMagic's analysis:
:: Quote ::
By default the <script> data-island only allows URLs from the same domain as the document to be assigned to its "src" attribute. Unfortunately, it fails to correctly validate its "src" attribute against a redirection, which potentially allows any web page to do the following:

* Read XML files from any URL.
* Read portions of non-XML files from any URL.
* Read local XML files, in some setups.
* Read portions of local non-XML files, in some setups.

Any of the exploitations above may expose sensitive and private information belonging to the user.


I gave up on IE completely several years ago, and I recommend anyone reading this do the same. Firefox, which came out of the rebuilt Netscape/Mozilla browser, is a great browser, pretty secure, and with a lot of powerful extensions available to customize it, although the basic package will meet most users' needs perfectly.
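The redirect gap described in the quoted analysis, modelled as an added example (not code from the post, the advisory, or IE itself): one check validates only the URL written in "src", the other validates every hop of the redirect chain. The hosts, the redirect table, and all function names are constructed for illustration.

```javascript
// Constructed redirect table standing in for HTTP 3xx responses (hypothetical hosts).
const REDIRECTS = new Map([
  ["https://site.example/feed.xml", "https://site.example/data/feed.xml"],
  ["https://site.example/go", "https://intranet.example/private.xml"],
  ["https://site.example/loop", "https://site.example/loop"],
]);

function origin(url) {
  return new URL(url).origin; // scheme + host + port
}

// Follow redirects and return every URL visited, in order.
function resolveChain(url, maxHops = 5) {
  const chain = [url];
  while (REDIRECTS.has(url)) {
    if (chain.length > maxHops) throw new Error("too many redirects");
    url = REDIRECTS.get(url);
    chain.push(url);
  }
  return chain;
}

// Flawed check: only the URL assigned to "src" is compared with the
// document's origin; where a redirect leads afterwards is never examined.
function allowedRequestedOnly(documentUrl, src) {
  const requested = new URL(src, documentUrl).href;
  return origin(requested) === origin(documentUrl);
}

// Hardened check: every hop, including the final target, must stay
// same-origin; redirect loops and over-long chains are refused.
function allowedEveryHop(documentUrl, src) {
  const requested = new URL(src, documentUrl).href;
  let chain;
  try {
    chain = resolveChain(requested);
  } catch {
    return false;
  }
  return chain.every((u) => origin(u) === origin(documentUrl));
}
```
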