-
June 8th, 2005, 08:01 PM
#1
New MSIE security hole?
I received an email today, the subject of which may interest some of you. I've read the report on the URL listed in his email, and the security "hole" seems to be valid, though I don't know if any other code on the page would actually run other than the code he used to produce the "hole" itself. Have a look...
------------------
NEW security hole / exploit in IE6 with SP2 and all the latest security patches that can be abused by hackers to run harmful JavaScript code and can be abused to mislead existing protection against harmful JavaScript code.
All the information about the new bug can be seen here: http://research.seniorennet.be/Techr...t_explorer.php
The bug is reported to Microsoft.
-
June 8th, 2005, 08:30 PM
#2
-
June 8th, 2005, 08:51 PM
#3
Try this instead. The long URL is being affected by a BR tag and a spacing UNICODE.
-
June 8th, 2005, 11:38 PM
#4
i can see where this could affect those who depend on av/anti-spyware programs to protect them from malicious web sites instead of keeping their browser up to date on patches. but other than that it's pretty cool.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 9th, 2005, 05:51 AM
#5
Just another reason to switch to firefox but then again, I am probably beating a dead horse I know that firefox has it's vulns and all, but I really believe that it is superior, but then again I am not trying to start one of those 'Open source RULES!!! M$ SUX' things so please don't take it that way. I know that new firefox vulns are being discovered every day, but so are MSIE vulns. To me it is a comparison of the rate at which they are being discovered, and since firefox is relatively new (It is only a matter of time though) it has less vulns. But I am off on a tangent. (Sorry)
I think that this probelm, unfortunatley, seems to be a just a symptom rather than the cause. The fact that IE 'forgets' the actual code and only remembers the HTML is kind of disturbing to me. It seems to me that this is a problem in the way that MSIE (at a low level) handles Java script. I hope (and trust) that Microsoft will fix the cause rather than the symptom.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|