ByteCrusher Blog: Firefox fixes flaws, Internet Explorer does not

February 26, 2007

Firefox fixes flaws, Internet Explorer does not

The rallying cry for some time has been to dump Microsoft's Internet Explorer in favor of an alternate browser, such as Firefox, and in doing so dramatically improve your Internet Security. The solution is it's not quite so simple, and while Firefox seems to be under a recent stream of attacks, at least they're actively patching.

Stefan Esser, who writes for a the Hardened-PHP Project, detailed a vulnerability in Firefox (recently patched), IE, and Opera (neither patched) that opens the three browsers up to all the UTF-7 XSS vulnerabilities. The rub here is that Firefox was thought to be imune to these vulnerabilities. Unfortunately when the malicious code is injected through an iframe, Firefox is still exposed.

As of this date, Mozilla has patched Firefox however neither Opera nor Microsoft has patched their browsers.

-Allen

Posted at 08:54 AM | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d834566abc69e200d8354028bf53ef

Listed below are links to weblogs that reference Firefox fixes flaws, Internet Explorer does not:

Comments

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

ByteCrusher Blog

Archives

Categories

About