Gaping Holes in IE7 Reported by Polish Hacker
It appears IE7 has another vulnerability in the browser.
“In other words, the entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks,” Zalewski warns, noting that local system compromise is also possible.
In the article, Zalewski shares exactly what happens and how. It makes sense to me on how it could happen, but I’ve yet to really have a security problem with IE7 that I’m aware of at this point. [Searching for something wooden to knock on]. This seems like a pretty obvious exploit though. It’s little things like this that makes me wonder how they get out of Redmond without being caught. Is it rushing to deliver product? Shoddy coding? Or just a general feeling of apathy?
Microsoft rep said:
Microsoft is investigating new public claims of two possible vulnerabilities in Internet Explorer. Microsoft is not aware of any attacks attempting to use the possible vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the claims to help provide additional guidance for customers as necessary.
I’ll tell you this, if I were on the IE7 development team, I’d take every comment about IE7 security personally and do everything in my power to turn the opinion and perception of the browser around.
On another note, I upgraded to Firefox 2.0.2 this week. I no longer use the browser as my default browser because I like the IE7 handles things in some areas better for my use. I’ll have to try it though and see what happens with the upgrade. I continue to say that Firefox’s management of plug-ins and extensions far exceeds IE7’s, but that’s not quite enough for me.
Firefox has some security issues right now as well, and are discussed in the article. Interestingly, IE7 isn’t at risk by one of them due to “certain high-level changes in the browser”.
Tags: exploits, Firefox, IE7, Polish-hacker, Security, ZalewskiRelated Stories
POSTED IN: Business Users, Home User, Internet Explorer, Online Services, Security
0 opinions for Gaping Holes in IE7 Reported by Polish Hacker
No one has left a comment yet. You know what this means, right? You could be first!
Have an opinion? Leave a comment: