Re: Are Java and JavaScript really so malicious for Windows system

Lionel Fourquaux wrote:
> "fluidly unsure" <dripping@xxxxxxxxxxxxxx> a écrit dans le message de
> news: qOujf.28942$tV6.1791@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
>> Lionel Fourquaux wrote:
>>
>>> Because of dependencies. The HTML renderer is used for the user
>>> interface part of several system tools (some mmc applets, the user
>>> management control panel applet), and for some important system
>>> functionality (writing scripts with a user interface). As Mark Randall
>>> noted, lower level component that are formally a part of IE, such as the
>>> HTTP protocol client APIs, are also shared with a lot of other programs.
>>>
>>
>> Which is what I thought I was saying. I didn't know which executable IE
>> resided in, but I expected a .DLL instead of NTOSKRL.EXE
>
>
> The point is, IE is a completely normal application.
>

I guess I misunderstood your statement. I thought you were saying that
some of IE was used by other applications/applets/CPLs. That sounds like
an "integrated" component to me and not a "completely normal application".

Bottom line, it affects the OS as a whole when it's not working
properly. Therefore it's security is more of a problem than in a more
compartmentalized applications like FireFox. (I'm not saying FF doesn't
have it's own problems)

Isn't the DOM vulnerability an example of the OS being contaminated by
an IE hole?

* CVE: CVE-2005-1790
* FSCID: FSC20051122-1
* SFID: 13799
* Secunia: SA15546
* Microsoft:
http://www.microsoft.com/technet/security/advisory/911302.mspx
* The French Security Incident Res:
http://www.frsirt.com/english/advisories/2005/2509
* US-CERT: http://www.kb.cert.org/vuls/id/887861

--

Liquid
.

Relevant Pages

  • Re: Phil Gordon addresses 2006 BARGE
    ... newgroup itself continues to exist as one huge unmoderated group (as many ... but there is an interface that implements the ... If he is saying what I believe he is saying, which is what I have been ... Writing software is what I do, and I don't think a reader like I've ...
    (rec.gambling.poker)
  • Re: Cohens paper on byte order
    ... That's what I've been saying all along: ... > # octet-sequence interface to AES as well. ... and the interesting ambiguities in existing standards it has thown up leads ... additional, equivalent octet based interface. ...
    (sci.crypt)
  • Re: Operator overloading in C
    ... Eric Sosman wrote: ... saying ... If the mere fact that Doug disagrees with your proposal is ... a library that we could use, but it had only a C interface, ...
    (comp.std.c)
  • Re: eMac, 9.2 and WiFi ?
    ... The user interface was quite clearly the Macintosh interface, ... Ah but are we saying that everything pre X was rubbish, ... What do you think we were doing while Windows users hadn't even imagined ... Mac OS 9 is about seven years old. ...
    (uk.comp.sys.mac)
Quantcast