The rallying cry for some time has been to dump Microsoft's Internet Explorer in favor of an alternate browser, such as Firefox, and in doing so dramatically improve your Internet Security. The solution is it's not quite so simple, and while Firefox seems to be under a recent stream of attacks, at least they're actively patching.
Stefan Esser, who writes for a the Hardened-PHP Project, detailed a vulnerability in Firefox (recently patched), IE, and Opera (neither patched) that opens the three browsers up to all the UTF-7 XSS vulnerabilities. The rub here is that Firefox was thought to be imune to these vulnerabilities. Unfortunately when the malicious code is injected through an iframe, Firefox is still exposed.
As of this date, Mozilla has patched Firefox however neither Opera nor Microsoft has patched their browsers.
-Allen
Awesome post! please keep up the great work i would love to hear more like this.
Posted by: cheap zyban | January 18, 2011 at 11:33 PM