Major IE8 Flaw Makes "Safe" Sites Unsafe 83
After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago.
In other news (Score:5, Insightful)
Rain is wet....
Despite MS best efforts, IE just won't shake it's 'insecure' tag, will it?
Part of me wonders if perhaps these vulnerabilities aren't being made a big deal of because of the reputation of IE6. The rest of me which started using Firefox a long time ago just feels smug and superior.
Re:See, Microsoft is right (Score:3, Insightful)
Strangely enough, I'm torn between demanding a funny mod or an insightful one for you.
Redundant (Score:4, Insightful)
Re:Breaking News (Score:5, Insightful)
Internet Explorer is perfectly safe for everyday use.
As long as you follow the old US gov't C3 security guidelines/settings for Windows NT 4.0 while you do it, sure.
Re:In other news (Score:1, Insightful)
Are you sure you should be feeling so smug?
Slashdot posted that Firefox may not be as secure as you might think it is.
http://tech.slashdot.org/story/09/11/11/1626224/Firefox-Most-Vulnerable-Browser-Safari-Close?art_pos=5
Re:In other news (Score:3, Insightful)
The browser is a still an integral part of the OS. All else follows.
Re:Breaking News (Score:0, Insightful)
Re:In other news (Score:5, Insightful)
Yes, after months or years of testing. Had IE been standards compliant in the first place, without all of the OS specific hooks, many companies wouldn't be in this boat.
It is not an insignificant effort to get off of IE 6, especially without many thousands of users, and hundreds or thousands of apps that will break, or require testing under Windows 7's Virtual PC software.
Now that other companies browser has a huge flaw! (Score:2, Insightful)
When asked why they are disabling the XSS protection in IE8, Google responds that IE8 has a undiclosed vulnerability. Anyone here think Google is just mud-slinging to disparrage the main competitor to Chrome?