Re: Friends don't let friends use Internet Explorer
From: N. Miller (duh_at_blackhole.aosake.net)
Date: 07/01/04
- Next message: N. Miller: "Re: Are these program safe."
- Previous message: charlie R: "Re: Mouse motion- I'll get crazy!!!"
- In reply to: Ashley: "Friends don't let friends use Internet Explorer"
- Next in thread: Joe Richards [MVP]: "Re: Friends don't let friends use Internet Explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 Jul 2004 14:19:39 -0700
In article <2433d01c45f9b$431f7080$a601280a@phx.gbl>, Ashley says...
> I received an email from a peer warning me not to use
> Internet Explorer because of severe security problems. I
> would appreciate any opinions or advice about this
> message. Here is the message I received:
> Friends don't let friends use Internet Explorer!
>
> CERT, the internet security coordination center at Carnegie Mellon
> has issued a warning not to use Internet Explorer.
>
> see: http://www.cert.org
>
> They recommend Mozilla or Firebird, both of which are available
> for free from http://www.mozilla.org.
>
> For your own security we strongly recommend that you obtain a
> copy of Mozilla or Firebird from the above source and install it.
Make sure that you grab the latest versions; Mozilla 1.97 or Firefox 0.9.1.
I just tested two of the browsers that I used, and both failed. One was
Opera 7.51, the other Mozilla 1.6; both for Windows.
Check here for information and a test:
http://secunia.com/advisories/11978/
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
FWIW, if you can stand all of the prompts for running scripts, you can set
the MSIE Internet zone security to prompt on every scripted action a site
can take. When testing MSIE on that site, I got an Internet Explorer prompt
asking if I wanted to "Allow sub-frames to navigate across different
domains". Clicking on "No" caused the test to fail; had I clicked on "Yes",
MSIE would have allowed the test to "Pass". (If the test passes, the browser
fails.) Alas, going back and clicking the link a second time allowed the
different domain page to load without seeing a popup prompt.
I can honestly say, MSIE Version 6.0.2800.1106, Update Versions:; SP1;
Q324929; Q810847; Q328389; Q813951; Q813489; Q330994; Q818529; Q822925;
Q828750; Q824145; Q832894; Q837009; Q831167, Opera 7.51, and Mozilla 1.6
evidence a security flaw which allows a frame to be loaded with content from
a domain other than the site you started out on.
I only tested Mozilla 1.7 of the browsers reportedly secure. I presume
Mozilla 1.8 (a beta) would also be secure; as well as Firefox 0.9.1, which
is reported secure on that site I linked.
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
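The frame behaviour the post describes, shown next to one stricter rule, as an added example that is not part of the original post and is not any browser's actual code. It is a simplified model: the frame names, the `.example` URLs and the `ancestorPolicy` rule are assumptions made for illustration.

```javascript
// Simplified model of frame navigation; all names and URLs are constructed.
function makeFrame(name, url, parent = null) {
  return { name, url, origin: new URL(url).origin, parent };
}

// Behaviour the test page demonstrates in affected browsers: any window
// may load a document into a frame belonging to another site.
function permissivePolicy(source, target) {
  return true;
}

// One stricter rule (assumption): the navigating window must share an
// origin with the target frame or with one of the target's ancestors.
function ancestorPolicy(source, target) {
  for (let f = target; f; f = f.parent) {
    if (f.origin === source.origin) return true;
  }
  return false;
}

// Attempt a navigation; returns true if the frame's content was replaced.
function navigate(policy, source, target, url) {
  if (!policy(source, target)) return false;
  target.url = url;
  target.origin = new URL(url).origin;
  return true;
}

// Site A hosts a frame named "content"; site B is open in another window.
function runScenario(policy) {
  const site = makeFrame("top", "https://site-a.example/");
  const content = makeFrame("content", "https://site-a.example/news.html", site);
  const other = makeFrame("other", "https://site-b.example/");

  // Site B tries to load its own page into site A's frame.
  const crossSite = navigate(policy, other, content,
                             "https://site-b.example/injected.html");
  const originAfterCrossSite = content.origin;

  // Site A navigating its own frame must keep working under either rule.
  const ownSite = navigate(policy, site, content,
                           "https://site-a.example/page2.html");
  return { crossSite, originAfterCrossSite, ownSite };
}

console.log("permissive:", runScenario(permissivePolicy));
console.log("ancestor:  ", runScenario(ancestorPolicy));
```

Under the permissive rule the frame ends up showing site B's origin while the address bar would still show site A, which is the condition the linked test reports as a "pass".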