Major IE7 security flaw

barnicles

http://www.siliconrepublic.com/news/article/11966/cio/major-security-flaw-in-internet-explorer

Another reason why Firefox is probably the best browser in the world

EvilMonkey

barnicles wrote: »

http://www.siliconrepublic.com/news/article/11966/cio/major-security-flaw-in-internet-explorer

Another reason why Firefox is probably the best browser in the world

Does Firefox have no security issues? :rolleyes:

barnicles

Faster
No major security flaws
Customisable
Add ons
Open Source

aidan_walsh

barnicles wrote: »

Faster
No major security flaws
Customisable
Add ons
Open Source

*cough*

barnicles

IE ain't there

MunsterCycling

Who owns bit9.com? One microsoft program on the list, I smell a rat!

http://www.neowin.net/news/main/08/12/16/firefox-tops-list-of-most-vulnerable-windows-applications#comment695780

the_syco

aidan_walsh wrote: »

*cough*

The browser has earned the reputation from Mozilla patching 10 vulnerabilities which could be used to gain control, access, or execute miscellaneous code via buffer overflow, malformed URI links, javascript, documents and third party tools.

So, because FF patches it's vulnerabilities, and IE takes an age patching its vulnerabilities, FF gets number 1.

Also, it seems the research was on companies, and the ability for the companies to update the software. Thus, there was no MS software, as the provide tools to update their own software, but not anyone elses. BUT, and it's quite a big butt, most companies don't regularly update their versions of MS products, as they have to ensure that any "home-made" products are compatible with the MS updates.

Mac daddy

Yup seen it we got the mails from Microsoft yesterday evening...


SECURITY: ADVANCE NOTIFICATION

Hi,

I wanted to give you an update on the Internet Explorer vulnerability, we will be releasing a patch this afternoon. I will send the details as soon as it is released.

Please let me know if you have any questions,

What is the purpose of this alert?

Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in Internet Explorer on all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Wednesday, December 17, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at (866) PC SAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.com/protect.

NEW BULLETIN SUMMARY

Bulletin Identifier Windows Bulletin, Internet Explorer
Maximum Severity Rating Critical
Impact of Vulnerability Remote Code Execution
Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Restart Requirement May require restart
Affected Software Microsoft Windows, Internet Explorer


The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

PUBLIC BULLETIN WEBCAST

Microsoft will host two Webcasts to address customer questions on these bulletins:

Title: Information About Microsoft December Out-of-Band Security Bulletin (Level 200)
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448

Title: Information About Microsoft December Out-of-Band Security Bulletin #2 (Level 200)
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449

REGARDING INFORMATION CONSISTENCY

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact me.

Thank you,

Mac daddy

barnicles wrote: »

Faster
No major security flaws
Customisable
Add ons
Open Source

Not a IE lover but Firefox has its own share of issues don't post stupid comments.

Below are from Firefox
December 16, 2008
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-62 Additional XSS attack vectors in feed preview
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

ethernet

Every piece of software is bound to have its exploits.

The IE patch will be available at 6 pm today. That's the important thing.

It is widely known that Firefox, due to the nature of open source, can be seen to be less secure than IE because of the extensive detailing of every such flaw/exploit found, basically, the Mozilla Foundation is overly honest!

Anti

Mac daddy wrote: »

Yup seen it we got the mails from Microsoft yesterday evening...


SECURITY: ADVANCE NOTIFICATION

Hi,

I wanted to give you an update on the Internet Explorer vulnerability, we will be releasing a patch this afternoon. I will send the details as soon as it is released.

Please let me know if you have any questions,

What is the purpose of this alert?

Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in Internet Explorer on all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Wednesday, December 17, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at (866) PC SAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.com/protect.

NEW BULLETIN SUMMARY

Bulletin Identifier Windows Bulletin, Internet Explorer
Maximum Severity Rating Critical
Impact of Vulnerability Remote Code Execution
Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Restart Requirement May require restart
Affected Software Microsoft Windows, Internet Explorer


The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

PUBLIC BULLETIN WEBCAST

Microsoft will host two Webcasts to address customer questions on these bulletins:

Title: Information About Microsoft December Out-of-Band Security Bulletin (Level 200)
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448

Title: Information About Microsoft December Out-of-Band Security Bulletin #2 (Level 200)
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449

REGARDING INFORMATION CONSISTENCY

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact me.

Thank you,

Strange, i work for microsoft and i didnt get that email. Or anyone i know in here.

Capt'n Midnight

Patch released
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

An Fear Aniar

Meanwhile:


Mozilla plugs 13 holes in Firefox, retires older 2.0 browser



.

Mr.Nice Guy

Hi I'm currently operating a Windows XP so does this mean I'm on IE6? I tried to download the patch but was told my system doesn't have the requirements.

Does this mean I'm at risk of this nasty virus thingamajig?

Would apprecaite any advice from you nowledgeable chaps.

Donald-Duck

Mr.Nice Guy wrote: »

Hi I'm currently operating a Windows XP so does this mean I'm on IE6? I tried to download the patch but was told my system doesn't have the requirements.

Does this mean I'm at risk of this nasty virus thingamajig?

Would apprecaite any advice from you nowledgeable chaps.

If you have tabs, you have IE7. If you don't you have 6.

Mac daddy

Manties wrote: »

Strange, i work for microsoft and i didnt get that email. Or anyone i know in here.

We got the mail of our TAM ( Veysel )

biko

Mr.Nice Guy wrote: »

Hi I'm currently operating a Windows XP so does this mean I'm on IE6?

On all windows applications you can click Help and then About Program.
It'll tell you the version.

egan007

barnicles wrote: »

http://www.siliconrepublic.com/news/article/11966/cio/major-security-flaw-in-internet-explorer

Another reason why Firefox is probably the best browser in the world

The title of this thread would be better as IE7 Major security Flaw

At least they have fixed a lot of the box model bugs.....

Stephen

Its not just IE7 that's affected. All versions including 8 beta and going back to 5 are vulnerable. In fairness to Microsoft they got it patched within a day, give or take a few hours.

Tallon

FFFTW

also: http://news.bbc.co.uk/1/hi/technology/7788687.stm

egan007

Stephen wrote: »

In fairness to Microsoft they got it patched within a day, give or take a few hours.

It's not fair that they let problems happen then fix them rather then testing properly.

It would be fair if it was a one off but it's a recurring problem...