Oh yet another reason to switch to Mozilla or Opera

[DeltaSigStan]

(When it comes to IE....YOU VERY STUPID GATES)

http://story.news.yahoo.com/news?tmp...=2&u=/nf/29577

Security experts are warning of a new and highly critical security flaw in Microsoft (Nasdaq: MSFT - news) Internet Explorer, when running under Windows XP (news - web sites) SP2.

Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.

The basic flaw has been known about for two months, but security experts originally thought it would be difficult to exploit. However, after further study, security firm Secunia now says the bug represents a greater danger than previously believed.

Secunia now rates the vulnerability as "extremely critical."

Three Problems

In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:

"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;

"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;

"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."

The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.

Safety Measures

The vulnerability was identified initially by security group Greyhats, which warned of the bug late last month.

Microsoft is recommending that users turn off the "Drag and drop or copy and paste files" option in Internet Explorer and set security levels to high for the Internet zone.

Security experts note that the problem does not affect other browsers.

Secunia has constructed a test, available on the firm's Web site, that users can run to determine whether their systems are affected by this issue.

[moe.ron]

Long time user here. Mozilla is the best free browser out there.

[Rudey]

Just so you know, Mozilla has a new flaw which opens itself up to phishers attacking a user.

-Rudey

Quote:

Originally posted by DeltaSigStan
(When it comes to IE....YOU VERY STUPID GATES)

http://story.news.yahoo.com/news?tmp...=2&u=/nf/29577

Security experts are warning of a new and highly critical security flaw in Microsoft (Nasdaq: MSFT - news) Internet Explorer, when running under Windows XP (news - web sites) SP2.

Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.

The basic flaw has been known about for two months, but security experts originally thought it would be difficult to exploit. However, after further study, security firm Secunia now says the bug represents a greater danger than previously believed.

Secunia now rates the vulnerability as "extremely critical."

Three Problems

In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:

"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;

"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;

"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."

The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.

Safety Measures

The vulnerability was identified initially by security group Greyhats, which warned of the bug late last month.

Microsoft is recommending that users turn off the "Drag and drop or copy and paste files" option in Internet Explorer and set security levels to high for the Internet zone.

Security experts note that the problem does not affect other browsers.

Secunia has constructed a test, available on the firm's Web site, that users can run to determine whether their systems are affected by this issue.

[moe.ron]

Quote:

Originally posted by Rudey
Just so you know, Mozilla has a new flaw which opens itself up to phishers attacking a user.

-Rudey

Read about that. However, I have more confidence that there will be a resolution to that problem quicker than IE.

[SigmaChiCard]

anyone use the plugin 'stumble'? it's great - it takes you random websites rated by other users..it's really pretty cool

[Intense1920]

I've never even heard of that one. Will have to check it out.