Page 1 of 1
Browser Vulnerabilities
Posted: Tue Apr 18, 2006 11:01 am
by raw
There's a few new holes out there for IE5+ (Including 7 BETA 2) which I thought you should all know about.
http://secunia.com/Internet_Explorer_Ad ... ility_Test
I've tested this and the fix works but is a pain in the ass to get the sites you want to work (that use active scripting). Once its set up, it's quite secure.
Oh, and for you Firefox junkies, it appears to be more vulnerable than IE 
)
http://secunia.com/advisories/19631/
Re: Browser Vulnerabilities
Posted: Tue Apr 18, 2006 2:17 pm
by CheapAlert
no worries as my firefox autoupdated the few days before. Eat that M$.
Posted: Tue Apr 18, 2006 4:20 pm
by Tormentius
Nice find. Thanks :icon14:
Posted: Tue Apr 18, 2006 4:55 pm
by Oeloe
It isn't like Secunia is an all-knowing authority that has a complete list of vulnerabilities of all browsers. Whenever new security holes in FF are found, the Mozilla team will generally respond more quickly than MS to fix them.
Posted: Tue Apr 18, 2006 5:17 pm
by Foo
Does firefox even need to make the security pitch anymore? IE has a terrible interface, and even the newest preview versions look like someone took a shit on a VB form.
Posted: Tue Apr 18, 2006 5:51 pm
by Tormentius
Foo wrote:Does firefox even need to make the security pitch anymore? IE has a terrible interface, and even the newest preview versions look like someone took a shit on a VB form.
Considering the number of vulnerabilities seems to be increasing with Firefox in direct proportion to their market share I'd say no, they shouldn't be making the security pitch.
IE7's interface is a huge improvement over previous versions IMO.
Posted: Tue Apr 18, 2006 5:57 pm
by Foo
Tormentius wrote:IE7's interface is a huge improvement over previous versions IMO.
I'll give you that, for sure.
MS have more a general issue with their presentation than any localised issue TBH. Can't help thinking they'd gain more market share if they learned the simple lesson 'less is more'.
Posted: Tue Apr 18, 2006 5:58 pm
by Tormentius
Foo wrote:Can't help thinking they'd gain more market share if they learned the simple lesson 'less is more'.
Quite agreed.
Posted: Tue Apr 18, 2006 9:40 pm
by ^misantropia^
The astute reader will notice that most of the Firefox vulnerabilities are JavaScript exploits. Using the
NoScript extension and only allowing trusted sites to run JS will alleviate the problem a great deal.
Posted: Tue Apr 18, 2006 10:17 pm
by Foo
riddla wrote:Foo wrote:MS.... Can't help thinking they'd gain more market share if they learned the simple lesson 'less is more'.
Bau·haus adj. Of, relating to, or characteristic of a 20th-century school of design, the aesthetic of which was influenced by and derived from techniques and materials employed especially in industrial fabrication and manufacture. The core aesthetic of the Bauhaus methodology is that "form always follows function".
Ah, but which if the three generations of bauhaus do you follow?
Posted: Tue Apr 18, 2006 10:38 pm
by Oeloe
How about a Jugendstil browser. :icon26:
Posted: Tue Apr 18, 2006 11:12 pm
by Tormentius
^misantropia^ wrote:The astute reader will notice that most of the Firefox vulnerabilities are JavaScript exploits. Using the
NoScript extension and only allowing trusted sites to run JS will alleviate the problem a great deal.
Most of the IE exploits also involve active scripting of some form or another. Active scripting in general is the single largest point of vulnerability in any browser.
Posted: Wed Apr 19, 2006 12:09 am
by Zimbo
You should try the Opera 9 beta. It's fast, free, stable, and now that it blocks most popups and ads, it's really just as good as Firefox. And it doesn't have memory leaks.
Posted: Wed Apr 19, 2006 1:24 am
by raw
Oeloe wrote:It isn't like Secunia is an all-knowing authority that has a complete list of vulnerabilities of all browsers. Whenever new security holes in FF are found, the Mozilla team will generally respond more quickly than MS to fix them.
This happens to ring true 
the fix was released today per that link I already posted.