Re: ie's big hole
From: Jan Il (abuse_at_localhost.com)
Date: 01/11/05
- Next message: gtsrjay: "opening web pages"
- Previous message: PA Bear: "Re: ie custom security custom level... button disabled"
- In reply to: Linda B: "Re: ie's big hole"
- Next in thread: Vanguard: "Re: ie's big hole"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 10 Jan 2005 19:35:18 -0500
"Linda B" <LindaB@discussions.microsoft.com> wrote in message
news:E6199FF4-F462-4A15-B678-206521A1794B@microsoft.com...
> I think the point is not so much that any given browser is so much more or
> less secure than any other; rather, it's that a Microsoft browser, given
> it's installed on something like 90% of the desktop PCs worldwide, is a
> *much* bigger target, and consequently much more likely to be shot at.
Most
> (but certainly not all) virus makers and hackers aren't going to waste
their
> time finding exploits and holes in Firefox when seven out of ten internet
> users are using IE (yes, that's a fake statistic, but you get my jist).
>
> You'll never be secure no matter what brower you use, and yes, the best
> defense is to be well patched and internet-savvy, but it can't hurt to
make a
> smaller target of yourself, either.
Unfortunately, that target is no longer as small as you might think, and it
is growing every day.
The following information was provided in another thread here just a few
days ago regarding a similar discussion:
:
Courtesy of PA Bear -
<paste>
> Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet
> Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2,
> Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x,
> Mozilla *Firefox* 0.x,
> Mozilla *Firefox* 1.x
>
> The problem is that a website can inject content into another site's
> window if the target name of the window is known. This can e.g. be
> exploited by a malicious website to spoof the content of a pop-up window
> opened on a trusted website.
>
> Secunia has constructed a test, which can be used to check if your
> browser is affected by this issue:
> http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
>
> Notes:
> - The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
> *Firefox* 1.0. Other versions may also be affected.
> - The vulnerability has been confirmed on a fully patched system with
> Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.
> - The vulnerability has been confirmed in Safari version 1.2.4. Other
> versions may also be affected.
> - The vulnerability has been confirmed in Opera version 7.54. Other
> versions may also be affected.
> - The vulnerability has been confirmed in Konqueror version 3.2.2-6.
> Other versions may also be affected.
> - The vulnerability has been confirmed in Netscape 7.2. Other versions
> may also be affected.
>
> Solution: Do not browse untrusted sites while browsing trusted sites.
>
> Netscape: http://secunia.com/advisories/13402/
> Opera: http://secunia.com/advisories/13253/
> Mozilla/Firefox: http://secunia.com/advisories/13129/
> IE: http://secunia.com/advisories/13251/
> Konqueror: http://secunia.com/advisories/13254/
> Safari: http://secunia.com/advisories/13252/
</paste>
Never under estimate the power of money, and those to covet it. Like a
cancer, it is indiscriminant, and fears no boundaries.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
- Next message: gtsrjay: "opening web pages"
- Previous message: PA Bear: "Re: ie custom security custom level... button disabled"
- In reply to: Linda B: "Re: ie's big hole"
- Next in thread: Vanguard: "Re: ie's big hole"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
