Secunia PSI reports Internet Explorer as insecure

L

Leonard Grey

This is a public newsgroup composed of your fellow Windows XP users (see
the title). If you have a question on what Secunia opines about Internet
Explorer, try the Secunia discussion forums.
 
F

FrankV

Since there is nothing we can do about it if it is true, I've continued with
IE8 and set Windows for automatic update.

Frank
 
V

VanguardLH

Herbert said:
Nevertheless, I'm still interested in finding out what fellow Windows XP
users make of the insecurity report.
Click to expand...

As typical with many Secunia reports, there is insufficient information
for technically-expert users to determine just WHAT is the
vulnerability. They might hide the specifics so they are not seen as
proliferating the vulnerability by enabling malcontents that could then
learn how to implement the vulnerability.

XSS in IE8 isn't perfect and was deliberately designed not to be; else,
it would be far to corruptive to many web sites. That the XSS filter
was added was to improve security, not lock down tight that no XSS
functionality can be employed by a web site.

http://blogs.msdn.com/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx
"Ultimately we have taken a very pragmatic approach ¡V we choose to not
to build the filter in such a way that we compromise site compatibility.
Thus, the XSS Filter defends against the most common XSS attacks but it
is not, and will never be, an XSS panacea."

If you want to totally lock down a web site, use a text-only web
browser. There are a diminishing number of web sites where they display
just text so you'll lose a lot of content in the form of structure and
non-text features.
 
H

Herbert Eppel

As typical with many Secunia reports, there is insufficient information
for technically-expert users to determine just WHAT is the
vulnerability. They might hide the specifics so they are not seen as
proliferating the vulnerability by enabling malcontents that could then
learn how to implement the vulnerability.

XSS in IE8 isn't perfect and was deliberately designed not to be; else,
it would be far to corruptive to many web sites. That the XSS filter
was added was to improve security, not lock down tight that no XSS
functionality can be employed by a web site.

http://blogs.msdn.com/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx
"Ultimately we have taken a very pragmatic approach ¡V we choose to not
to build the filter in such a way that we compromise site compatibility.
Thus, the XSS Filter defends against the most common XSS attacks but it
is not, and will never be, an XSS panacea."

If you want to totally lock down a web site, use a text-only web
browser. There are a diminishing number of web sites where they display
just text so you'll lose a lot of content in the form of structure and
non-text features.
Click to expand...

Thanks for your comments.

Herbert Eppel
www.HETranslation.co.uk
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Secunia PSI 3.0 out now ... 3
PSI 2.0 Beta released 6
Secunia Personal Software Inspector 1.5.0.0 1
Secunia PSI security scan raises some questions 5
Windows 8 is the most vulnerable Windows OS -> you can thank Adobe Flashfor that 1
Secunia PSI ... free 5
Lucky blundering with Vista, PerfectDisk, Secunia PSI and Windows Update 1
Advisories and vulnerability comparison: Windows 98(se) vs Windows XPhome 33

Top