Time to dump Internet Explorer

Friday, 18 June 2004, 1:31 PM EST

The latest version of IE is 6, and it has certainly accumulated an impressive record of holes: 153 since 18 April 2001, according to the SecurityFocus Vulnerabilities Archive. There have been some real doozies in there. For instance, last August, Microsoft issued a patch that fixed a hole that the company described this way: "It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action." Oh, is that all? Well, that's super - simply visit a Web page, and you're 0\/\/N3d, d00d!

A little over a week ago, the SecurityFocus Vulnerability Database reported the "Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability," which "may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone." That was just one of the six reported so far this month - and we're only halfway through!

By Scott Granneman at SecurityFocus.

[ Read more ]




Spotlight

Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Jul 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //