New MSIE security hole?

[intmon]

I received an email today, the subject of which may interest some of you. I've read the report on the URL listed in his email, and the security "hole" seems to be valid, though I don't know if any other code on the page would actually run other than the code he used to produce the "hole" itself. Have a look...

------------------

NEW security hole / exploit in IE6 with SP2 and all the latest security patches that can be abused by hackers to run harmful JavaScript code and can be abused to mislead existing protection against harmful JavaScript code.

All the information about the new bug can be seen here: http://research.seniorennet.be/Techr...t_explorer.php

The bug is reported to Microsoft.

[XTC46]

bad link.

[MrLinus]

Try this instead. The long URL is being affected by a BR tag and a spacing UNICODE.

[Tedob1]

i can see where this could affect those who depend on av/anti-spyware programs to protect them from malicious web sites instead of keeping their browser up to date on patches. but other than that it's pretty cool.

[dmorgan]

Just another reason to switch to firefox but then again, I am probably beating a dead horse I know that firefox has it's vulns and all, but I really believe that it is superior, but then again I am not trying to start one of those 'Open source RULES!!! M$ SUX' things so please don't take it that way. I know that new firefox vulns are being discovered every day, but so are MSIE vulns. To me it is a comparison of the rate at which they are being discovered, and since firefox is relatively new (It is only a matter of time though) it has less vulns. But I am off on a tangent. (Sorry)

I think that this probelm, unfortunatley, seems to be a just a symptom rather than the cause. The fact that IE 'forgets' the actual code and only remembers the HTML is kind of disturbing to me. It seems to me that this is a problem in the way that MSIE (at a low level) handles Java script. I hope (and trust) that Microsoft will fix the cause rather than the symptom.