new ie6 vulnerabilties posted to bugtraq on 07/11/2004 by [email protected]
1
2
3
4
5
ooops not a good week for for M$ i guess!
Printable View
Yeah, no joke. I saw these today and just gasped for air...more unpatched vulns in IE with exploits to soon follow I bet. :eek: Wait that's more like a :fpissed: smilie.
Sure wish these had been released a week or 2 ago to give M$ time to incorporate into tomorrow's patch(es). :(
There's really no way to determine if these are new or if they were caused by something being patched earlier. Yeah, we have the whitepapers to go on, but not everything's released sometimes. This doesn't bode well for MS, that's for sure. Glad I got my gf on Firefox and Opera....
My question is, if there's this many for MS' *browser*, then what the hell do you think could be found for the OS if someone really got down to it?
All i can say is Bugger.
I was starting to think that Ie was starting to be a half decent browser, but i guess i was wrong.
Allwell i'm gonna dust of my Avante Browser and leave those little vulnevalities behind..
cheers
f2b:.
I guess you haven't read Exploiting Software. How to Break Code or visited the authors' (one of 'em at least) website www.rootkit.comQuote:
Originally posted here by Vorlin
My question is, if there's this many for MS' *browser*, then what the hell do you think could be found for the OS if someone really got down to it?
Hoglund makes hooking ring 0 look like childs play.
Avant browser is based off IE code. Your still screwed unless you disable all scripting.Quote:
Originally posted here by .:front2back:.
All i can say is Bugger.
I was starting to think that Ie was starting to be a half decent browser, but i guess i was wrong.
Allwell i'm gonna dust of my Avante Browser and leave those little vulnevalities behind..
cheers
f2b:.
Unless Avante is different that Avant.
Bugger anyone know a Browser that is actually safe to use?
Really NONE totally... however many feel, as do I, that Mozilla, Firefox, and Opera are all safer than IE. I say this because 1) there are fewer holes that have been found still open (if any), and 2) open source means many gurus/experts looking over code and fixing it quicker. There is some debate as to whether there is more research for holes done on IE than the others because it's more popular but I don't share that view.Quote:
I have moved all my family over to Mozilla with Java and scripting turned off. I than advise them that if they must trully have that enabled for a particular site use IE only when it is a known trusted site - that's what I do.
Mozilla, Firefox at www.mozilla.org
Soda is correct. Avante(avant) and MyIE2 still run off of the Internet Explorer Dlls, system calls, and the entire IE base. They are a front end, basically :) So still very vunerable.
As for other browsers, I'll just link you to a large list of browsers I made earlier:
http://antionline.com/showthread.php...402#post763402
Sounds like a good idea, i used to use FireFox, but i unistalled it for some stupid reason :(
Looks like i'm just gonna have ta re-download it cause it sounds like a safe choice..
Cheers big ears
f2b:.
using ie i have 'prompt' for java script set. when the prompt comes up i hit the space bar for 'NO' by default...how much trouble is that. in firefox which i also have on my machine i have two choices. allow or deny java script....i like prompt.
ive only checked out the first exploit given so far but using firefox to go to the example page opens up ie tips when i click on "go" with java enabled. this is another exploit of the digitally impared. those that just click on any link there given. i read the code before i clicked the link in case anyones wondering.
on to look at the rest!
The real problem here is, that IE isn't really that much different from the Windows shell. Hell, it is the Windows shell with slightly different menus. So in essence, an IE vulnerability is a Windows vulnerability.Quote:
My question is, if there's this many for MS' *browser*, then what the hell do you think could be found for the OS if someone really got down to it?
Cheers,
cgkanchi
2) requires java script to load a new page. not from me! good practices dictate that i copy the link and paste it. "javascript:govuln()".....not hardly
in ff it open the page with java enabled. the alert box opens with Javascript injected! Location: about:blank cookie: it was supposed to load google so by default FF is not affected
3) downloaded file like a normal file in ie without anything opening. choosing no to java script of course. FF not vulnerable.
4) requests to load 2 java scripts and an activeX control...i would never allow this even on AO
5) same thing as 2.
OK so whats the big news. allowing the 'convieniences' to run is trouble. always has been. with js off in FF i cant give any greenies while in IE i hit f5 and select to let the first js run. BFnD
im not defending IE but rather safe browsing practices. with everything set to prompt my computer is safe from these new holes even using IE.
once the exploits hit the web, well... unsafe sites are still going to be unsave, and it might be safer for mom and pop to move over to firefox for the time being but as illustrated with the the first one on the list IE has to be removed or at least unregistered to open ht* files but if a large portion move over to firefox its going to become the target.