Big flaw in IE demonstrated by this test....

L

LuckyStrike

Saw this at another MS Newsgroup, and was quite shocked.

This below is a copy/paste of that post:
From: "Cnews-ms" <[email protected]>
Subject: Test your IE browser for serious vulnerabilty
Date: Sat, 3 Jul 2004 18:13:46 -0500

<paste>
If you must continue using IE please go to the site below. I am concerned
because I applied the Microsoft Fix today, rebooted and IE still failed the
test. Mozilla and Firefox passed.
see for yourself . test
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

CR
--
http://QLiner.com
</paste>
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
 
L

LuckyStrike

I should add that I see there *is a solution* to this for IE6 SP-1 (fully
patched including today's WU Critical security patch - Critical Update for
Microsoft Data Access Components - Disable ADODB.Stream object from Internet
Explorer - Win9x - KB870669 .

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966

The above article offers this as a solution:
1) Disable the following security setting: "Navigate sub-frames across
different domains".

It also states the obvious: Do not visit or follow links from untrusted
websites.

So I would guess there is no need to run out and get Firefox as the *only*
solution for this.
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
 
G

Guest

when's the next hole in ie going to open up. might as well
use firefox (mozilla.org)and be more secure with open
source. and no hijackers or popups .
 
L

LuckyStrike

Just might do that... but will wait until a "finalized" version is available
beyond 0.9.1. Shouldn't be too far off if their development team is on the
case.

As a rule, I don't experience hijackers or pop-ups. Aside from just now
disabling "navigate sub-frames...", I've never gotten the other stuff as my
browser has been not set to duh-fault. Scripting and ActiveX are
disabled...just as in Firefox.
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Test your IE browser for serious vulnerabilty 2
Windows Update offers a fix for another flaw as of 3/July 42
Is the server for this newsgroup working consistently today? 14
Hijack This version 1.98.0 now available 12
Seeimg so many posts expressing bizarre behavior in IE 19
SpywareBlaster 3.1 Update requires installing new version of Spywareblaster 6

Top