Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: < heads up >ie6 new vulnerabilities

  1. July 13th, 2004, 04:45 AM #11
    Tedob1
    Tedob1 is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    using ie i have 'prompt' for java script set. when the prompt comes up i hit the space bar for 'NO' by default...how much trouble is that. in firefox which i also have on my machine i have two choices. allow or deny java script....i like prompt.


    ive only checked out the first exploit given so far but using firefox to go to the example page opens up ie tips when i click on "go" with java enabled. this is another exploit of the digitally impared. those that just click on any link there given. i read the code before i clicked the link in case anyones wondering.

    on to look at the rest!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Reply With Quote Reply With Quote
  2. July 13th, 2004, 04:56 AM #12
    cgkanchi
    cgkanchi is offline
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    My question is, if there's this many for MS' *browser*, then what the hell do you think could be found for the OS if someone really got down to it?
    The real problem here is, that IE isn't really that much different from the Windows shell. Hell, it is the Windows shell with slightly different menus. So in essence, an IE vulnerability is a Windows vulnerability.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
    Reply With Quote Reply With Quote
  3. July 13th, 2004, 05:34 AM #13
    Tedob1
    Tedob1 is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    2) requires java script to load a new page. not from me! good practices dictate that i copy the link and paste it. "javascript:govuln()".....not hardly

    in ff it open the page with java enabled. the alert box opens with Javascript injected! Location: about:blank cookie: it was supposed to load google so by default FF is not affected

    3) downloaded file like a normal file in ie without anything opening. choosing no to java script of course. FF not vulnerable.

    4) requests to load 2 java scripts and an activeX control...i would never allow this even on AO

    5) same thing as 2.


    OK so whats the big news. allowing the 'convieniences' to run is trouble. always has been. with js off in FF i cant give any greenies while in IE i hit f5 and select to let the first js run. BFnD

    im not defending IE but rather safe browsing practices. with everything set to prompt my computer is safe from these new holes even using IE.

    once the exploits hit the web, well... unsafe sites are still going to be unsave, and it might be safer for mom and pop to move over to firefox for the time being but as illustrated with the the first one on the list IE has to be removed or at least unregistered to open ht* files but if a large portion move over to firefox its going to become the target.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules